Meltdown and Spectre bugs are affecting nearly all computers

Image Denys Prykhodov via Shutterstock

Image Denys Prykhodov via Shutterstock

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Intel and its partners said the fixes should be largely in place this week.

Patches against Spectre, in the form of an update to web browser Safari, will be released "in the coming days". ARM Holdings said it's working with Intel, AMD and operating system vendors to address the problem.

Interestingly, Meltdown does not affect one device: The Apple Watch.

Apple shares rose 1 per cent to US$174.80 (RM698) at 3.01pm Friday in NY.

Researchers announced the two flaws affecting virtually all computer processors on Wednesday. The other vulnerability, Spectre, meanwhile, has been demonstrated on Intel Ivy Bridge, Haswell and Skylake processors, AMD Ryzen CPUs, and several ARM-based Samsung and Qualcomm system-on-chips used for mobile phones. Alongside an apology and an explanation that a software change was implemented to balance out the effect of aging batteries, the company reduced the cost of replacing the power units from US$79 to US$29 through the end of 2018.

Intel says the update it released last week fixing the security flaw in its computer chips will not slow down systems after experts predicted it would reduce CPU usage by 30 per cent. And Spectre is everywhere: laptop and desktop computers, servers in data centers, and smartphones.

These pre-computed results, if not used, are discarded - but, as researchers have shown, there are side-effects left by such precomputation which are not disposed of thoroughly enough and can sometimes be leaked to the potential attacker.

Gerry Grant, chief ethical hacker at the Scottish Business Resilience Centre and manager of Curious Frank Cyber Services, said: "The key thing that everyone should be doing with real urgency is to ensure their devices have the latest security updates installed". The company also alerted users to update their operating systems. Google will also ship an update to its Chrome browser in January to obstruct attempts to exploit these flaws. However, according to Google researchers, Spectre also is considerably more hard to exploit.

The company has made software updates to protect against some of the problem, but not all of it. This is a particular issue on cloud computing services. This time, the security threat is within the hardware - more specifically, the microchip. The company, which has rejected doing a chip recall or other costly remedies, said it has quietly marshaled a coalition of software, hardware and cloud services to develop and deploy programming tweaks that are created to close most of the security gaps.

Meltdown and Spectre were identified by a team at Google, with their work augmented by researchers from other organizations.

"We are now not aware of effective countermeasures that will eliminate the root cause of Spectre, short of hardware redesign", said Daniel Genkin, one of the authors of the Spectre research paper and postdoctoral fellow in computer science in the University of Pennsylvania and the University of Maryland, in the United States, in an email to The Register.

Good luck getting the 'Fire and Fury' book anytime soon
Honda to debut 2019 Insight Prototype at North American International Auto Show