You may have read about frightening sounding exploits made public last week known as ‘Meltdown’ and ‘Spectre’. You can find a good overview of what these exploits are here: https://spectreattack.com/ In a nutshell, these are design flaws present in most computers, including your phone, laptop and also all the computers we run and manage in ‘the cloud’ that could let malicious apps on your laptop or phone steal or observe the private data of other apps running on the same device, without you or the other apps knowing that this happened. Even malicious code running in a browser window from a sketchy website you accidentally clicked on could potentially steal data that lives elsewhere on your machine, like a downloaded receipt that happens to contain your mailing address. You don’t want anyone on the internet to be able to access your personal information.
It’s likely only a matter of time before these flaws are exploited, and is therefore important and urgent to perform the following updates to protect yourself. These steps may take you up to 30 minutes to complete- everyone is busy, but the risk involved makes this worth your time. (These steps were been designed for a mac-centric workplace.)
1. Upgrade your mac operating system to version 10.13.2 and install the 10.13.2 supplemental update. 10.13.x is High Sierra, and if you have not already upgrade to High Sierra, please do this as well. To make upgrading easier in the future, please also enable automatic updates on your mac laptop: https://support.apple.com/kb/PH25532?locale=en_US
First, check your version:
Is it a version < 10.13.2? Then you need to update. Click the ‘Software Update’ button and follow the instructions. This may take up to 15 minutes.
After updating your operating system, then enable automatic updates:
2. Upgrade your iPhone operating system: Apple has released a security patch to mitigate some of these issues in iOS 11.2.2, so if you have an iPhone or iPad, please make sure that your phone operating system is up to date, following these steps: https://support.apple.com/en-us/HT204204 It’s likely Apple will release additional related security patches for iPhone, so to ensure you pick up new security patches when they are available, please also enable automatic updates on your phone, following these instructions: https://9to5mac.com/2013/09/20/ios-7-how-to-set-up-automatic-app-updates/
3. Upgrade your Android Phone operating system: Google has released security patches, believed to address all known vulnerabilities related to Meltdown and Spectre, with security patch levels of 2018–01–05 or later. If you have a google phone, update your operating system, following these instructions: https://support.google.com/pixelphone/answer/4457705 If you have a different kind of android phone, look for updates available in Config -> About Phone -> System Updates. It’s possible some Android manufacturers will not release security patches. If there isn’t an update available for your Android phone, be aware that your best defense is to only download apps onto your phone that you really trust.
4. Upgrade your web browser: upgrade your laptop and mobile phone’s browser to the latest version.
- Upgrade Chrome on your laptop: https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DDesktop&hl=en&oco=2
- Additionally, enable automatic updates for Chrome by loading up this URL in your Chrome browser: chrome://settings/help
- Additionally, enable site isolation for Chrome, following these instructions: http://www.chromium.org/Home/chromium-security/site-isolation
- To upgrade Chrome on your iPhone: https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DiOS&hl=en
- To upgrade Chrome on your Android phone: https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DAndroid&hl=en&oco=2
- To Update Safari on iPhone: https://support.apple.com/en-us/HT204204 FYI: Safari is updated alongside iOS. If you followed Step 2 above, you’re covered.
- To update FireFox on your laptop: https://support.mozilla.org/en-US/products/firefox/install-and-update-firefox
Running a laptop or phone not mentioned on this list? Check out this list of vendors and security patches to determine when and how to update: https://www.us-cert.gov/ncas/alerts/TA18-004A
Thank you for taking the time today to keep yourself safe!
More information, for reference:
- https://krebsonsecurity.com/2018/01/scary-chip-flaws-raise-spectre-of-meltdown/
- https://source.android.com/security/bulletin/2018-01-01
- https://support.apple.com/en-us/HT208394
- https://www.schneier.com/blog/archives/2018/01/spectre_and_mel_1.html
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html