Spectre and Meltdown

5 January 2018

You’ve probably heard some stories in the news lately about two large vulnerabilities, dubbed Spectre and Meltdown, in CPUs from three main chip manufacturers – Intel, AMD and ARM.

The vulnerabilities allow programs to read data it should not be able to access, and that data could be absolutely anything in memory, including passwords or other sensitive information.

The vulnerabilities allow programs to read data it should not be able to access, and that data could be absolutely anything in memory, including passwords or other sensitive information.

The bad news is almost every computing device is vulnerable.

The good(ish) news for us Mac and iOS users is Apple has already released fixes to mitigate the problem in iOS 11.2, macOS 10.13.2, and tvOS 11.2. Note that Apple Watch is not affected by Meltdown, but it is affected by Spectre and we believe watchOS may not have been updated yet.

One thing that’s important to understand is that the issue is actually a hardware problem and therefore cannot be fully fixed in software. The design of the Intel/AMD/ARM CPU architectures will need to be addressed and new chips released.

Another thing to note is that despite nearly every Apple device being affected, it appears Apple has only released the patches for the latest versions of macOS, iOS and tvOS. This means if you’re running an old OS on your Mac, it’s time to upgrade the OS as soon as you can.

How can I stay safe?

Our advice (and best practice) would be to keep your devices updated with all the latest software at all times, and don’t download apps from untrusted or insecure sources such as BitTorrent or Newsgroups. Also be sure to use Sentry (ClamXAV’s background monitor) so any new files and apps downloaded to your computer are scanned as soon as they arrive.

You can download the latest version of ClamXAV on the downloads page, or if you already have it installed, you can use the following update-link.