No device is safe from Meltdown and Spectre Vulnerabilities: eScan

CIOReview Team | Monday, 08 January 2018, 13:15 IST

Almost every processor designed since 1995 is affected by "Speculative Execution Side-Channel Attacks" as per the extensive research was done by the researchers of Google Project Zero. The vulnerabilities have been segregated into two categories viz. Meltdown and Spectre.

Computers, smartphones, tablets etc. with Windows, Linux, iOS, MacOS, tvOS, Android or any other operating systems are impacted by these vulnerabilities.  However, it yet unknown how smartphone device manufactures would be pushing the updates considering for a fact that every vulnerability addressed by Android takes a long time to be made available to the end-users by the device manufacturers. Apple/iOS traditionally have always been very quick in addressing the concerns and have been providing patches to its users at a much faster rate and this time around too, we expect Apple to provide a resolution for these issues.

Apple has issued a statement pertaining to Meltdown / Spectre and iOS / Mac users should expect updates to the Safari Browser in next few days.

eScan Advisory:

· Update security patches regularly: It is very critical to keep your mobile device fully updated. Now that the vulnerabilities have been discovered which can be exploited using Javascript, updating the browsers as and when the new versions are made available, would be the best defense for your mobile.

· Desktop/Servers: Ensure that the installed Antivirus has enabled the registry key on Windows Machines, as mandated by Microsoft, as this would ensure that Antivirus has tested and is compatible with the patches provided by Microsoft.

· Be cautious while downloading applications: Avoid installing applications from the internet. Use the Google Playstore or App store as provided in the mobile device.

· Ensure Backup: Always keep a backup of the data on the mobile device before formatting the device.

· Upgrade your device:  Many a times mobile devices do not get updates after the software and hardware have become the old. The companies keep upgrading the versions of the mobile device with the latest security patches applied.