Meltdown and Spectre vulnerabilities affect billions of devices
Written by a NortonLifeLock employee
Spectre Next Generation — reportedly a new set of vulnerabilities in modern computer processors — could put your data at risk.
Heise, a German online computer publication, reported on the security issue in March 2018. It said eight new vulnerabilities had been identified.
Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN
30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.
Join today. Cancel anytime.
The security flaws seem to pose the most risk to companies that provide cloud hosting or cloud services, according to the Heise report. Hackers may be able to gain access to data transfers and data.
What does this mean for you?
“The concrete danger for private individuals and corporate PCs is rather small, because there are usually other weak points which are easier to exploit,” the Heise report said. “Nevertheless, they should be taken seriously.”
Background on Spectre Next Generation
Spectre Next Generation, or Spectre NG, takes its name from a previously discovered vulnerability, Spectre, which was first reported in 2017.
Spectre and Meltdown — another vulnerability discovered in processors in 2017 —have reportedly affected billions of devices.
Processor manufacturers typically release patches and updates for security flaws.
Patches for Spectre Next Generation are in the works, according to published reports. Two batches will be released: one as early as May 2018, the other in August 2018.
How do vulnerabilities like Spectre NG work?
The Meltdown and Spectre processor vulnerabilities affect personal computers and mobile devices, as well as data processing in the cloud.
The hardware vulnerabilities can potentially allow programs to steal data that is being processed on the computer’s chip.
Programs typically are not permitted to read data from other programs. But a malicious program can exploit Meltdown and Spectre to access data stored in the memory of other running programs.
Here are the types of information hackers might be able to access:
- Passwords stored in a password manager or browser
- Personal photos
- Instant messages
- Documents containing personal information
How to help protect against these vulnerabilities
Upcoming Spectre NG updates should be installed quickly after their release.
Norton can help users protect against some instances of threats like these. If you run into any issues installing patches, you should first make sure your Norton product definitions are up to date, then apply operating system patches immediately afterward.
Work continues by all parties to harden the software against any potential exploits.
How to help protect cloud data
Spectre, Meltdown, and Spectre Next Generation security flaws also affect the cloud. Cloud data is stored on physical servers that may use vulnerable processors. That’s why some of these systems could become vulnerable to hacks.
It’s a good idea to check with the cloud storage provider to see if their systems are affected by a particular vulnerability. If so, ask your provider what to do to help protect important data.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.