I’m putting my IT hat back on for a minute and sifting through the confusion in the media to bring you a clear set of 5 key points and 2 recommendations for your consideration. Feel free to distribute.
Here’s the lowdown on the Meltdown and Spectre flaws in Intel and other chips (links to supporting articles will follow):
1. Yes, Spectre and Meltdown are real. They affect Intel, and to a lesser extent, AMD processors. “Flaws buried deep in the architecture of most modern CPUs have presented a golden opportunity for bad actors to access priveleged information held in memory. Most computers contain iron-clad spaces where data can pass securely in an unencrypted, visible form. These work by limiting the access to that data from other applications and pocesses. But Meltdown and Spectre undermine these safeguards. If exploited, they could result in an adversary accessing things like passwords and privileged data.”
2. There were no known instances of the vulnerabilities actually being exploited.
3. Intel has begun releasing updates. The problem is, the updates can adversely affect performance. “The performance impact of these updates is highly workload dependent,” though that “some workloads may experience a larger impact than others.”
4. Microsoft’s initial attempts to patch machines through Windows updates have actually bricked (broken) some of the AMD machines. Microsoft has halted those updates until they’ve fixed their own bugs.
5. Apple’s 11.2.2 iOS update will deliver the patches to its flock.
My two recommendations:
1. With respect to key point 2, above, I would NOT go hunting down a fix. It’s likely to be premature, buggy, and as per key point 4, it could very will brick (permanently break) your machine.
2. If you’re in the market for a new computer, I would definitely wait long enough to be absolutely certain your new computer uses a post-Spectre/Meltdown processor, one specifically built to NOT have the flaws.
For details supporting the above five key points, I have provided links to the relevant articles from which I sourced the information, here: