Recently, Google employee Jann Horn, along with students at the Graz University of Technology, uncovered two new processor exploits. The exploits, named Spectre and Meltdown, may have existed for decades. Spectre and Meltdown have gone undiscovered for so long because they, unlike most computer exploits, utilize hardware instead of software. According to The Verge, the exploits can access your computer by using JavaScript within a browser to access the memory of previous keystrokes, showing hackers sensitive information, like passwords or credit card numbers. Outside of methodology, Spectre and Meltdown share very few similarities.

While Spectre and Meltdown both utilize processors to get into your device, most similarities end there. Meltdown, which targets primarily Intel and ARM processors, is actively being patched out. Meltdown still may be dangerous to consumers, however. While major companies, like Amazon, Google, and Microsoft, have already patched out internal Meltdown vulnerabilities, end user programs, like browsers, are still yet to be entirely fixed. As The Verge reports, Firefox and Internet Explorer/Edge have been issued preliminary patches, and a patch for Chrome is due in the coming weeks. Browsers, however, are not the primary concern for vulnerabilities.

Operating systems are most at risk because they handle the most vulnerable part of the computer, the processor. Windows 10 users have already been issued an emergency patch to try and mitigate the Meltdown vulnerability, while Windows 7 and Windows 8 users will be given one in the coming days. Users on macOS products are also at risk, as discussed by Apple in a blog post, stating, “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.” Apple also wrote that the latest macOS patch, macOS 10.13.2, has fixed Meltdown vulnerabilities. 

“Since the same CPUs are used in many different computers, Macs and PCs, for example, these vulnerabilities, or weaknesses, exist on a much larger set of electronic devices,” said Jeff Lukins, a cyber security analyst for Dynetics, “including some smartphones and tablets as well as many laptops and desktops.”

Luckily, phones aren’t nearly as vulnerable to Meltdown as compared to computers. Most vulnerabilities to Meltdown were patched in recent updates for iOS and Android. As long as your phone is kept up to date, it should be fine.

The real threat, Spectre, still remains. Unlike Meltdown, Spectre is far more general and targets cloud systems, which could allow it to access sensitive information in the cloud for years to come. Payton Gloschat, a member of a CyberPatriot team, stated, “The fact that both the Spectre and Meltdown exploits stem from what was supposed to be a feature on the processor makes me wonder, what other features on hardware could be exploited?”

The best defense against these exploits is to make sure you use a secure password with numbers, capital letters, and special characters. Two-factor authentication is also a vital step in protecting confidential information. At the end of the day, if possible, do not store sensitive information online.