How to update all your operating systems and browsers to stop Meltdown and Spectre
The huge security problem posed by the Meltdown and Spectre attacks continues to give a lot of talk and causes some confusion among users.
There are many manufacturers and developers who are already offering solutions to the problem, and here you can find important information that will let you know if you are affected, and how to update your devices to keep you safe from possible security problems.
Some anti-virus products blue screen with the Meltdown patch installed, so on Windows clients and Windows Server the patch is disabled unless the AV provider does an update and adds their own compatibility key (!!!!!)
— Kevin Beaumont (@GossiTheDog) 4 de enero de 2018
In fact in an additional note Microsoft explained that the update could come into conflict with some antivirus, which could lead to serious errors and show the famous “blue screens of death.” If something like this has happened to you, you have at your disposal a document to try to solve the problem, although the advice here is, before applying an update, create a restore point from the Windows Configuration.
At Microsoft they have recommended installing a compatible antivirus or using Microsoft Security Essentials to avoid the problem. They have also revealed that for Windows 7, Windows Server 2008 R2 and Windows Server 2012 users, antivirus developers must use a specific registry key to solve the problem.
According to a recent Google document, a security update to be released on January 5, 2018 will include mechanisms to mitigate the problem and help protect our phones, but more updates will be provided to include more patches in this regard.
Those updates will probably come first to the new Pixel 2 or the first generation Pixel, while other devices from the official Google family will also be able to access these updates especially fast.
For the rest of mobile devices based on Android, the updates will depend on each manufacturer, so it is advisable to consult support and customer service if we want to obtain more information about it. It is hoped that in this case these updates will occur as soon as possible.
The Google browser also already has mechanisms to protect our browsing sessions. Next January 23 will be published Google Chrome 64, the new version in which these mechanisms will be activated by default.
One of those mechanisms is called Site Isolation, which allows you to isolate websites in different memory address spaces to avoid problems. This mechanism can be activated manually in current versions of Chrome.
For this you have to go to the address “chrome://flags/#enable-site-per-process” in the browser, which will present the option marked in yellow and, next to it, a “Enable” button. After doing so we will have to restart the browser, which will be activated that mitigation system of the problem.
In the case of Chrome OS if users are using a 3.18 or 4.4 kernel (you can find that information by opening a terminal with the combination Ctrl + Alt + T and then typing ‘uname -a’) those versions are already patched with the mechanism Kernel Page Table Isolation (KPTI) in Chrome 63 or higher. Chromebooks based on ARM (the full list is here) are not affected by the problem according to Google, but they will still patch these products with KPTI later on as well.
Those responsible for the Mozilla security blog have also discussed the problem, and explain how their own tests confirm that these attacks make it possible to use “similar web content techniques that read private information from different sources.”
Those responsible for Mozilla have followed a path similar to that of Microsoft with Edge, and have updated all their browsers (in all channels) since version 57 to modify the way in which the function performance.now () behaves.
They have also disabled the ‘SharedArrayBuffer’ feature that also posed a risk to these browsers, but they are also working on applying other measures to avoid possible attacks in this area. So, if you are Firefox users you will only have to update your browser to be able to count on these changes.
Microsoft Edge e Internet Explorer 11
The Microsoft browser could also be affected by the problem, and the update published yesterday was also aimed at mitigating the problem in both Microsoft Edge and Internet Explorer 11.
In a published document, they explain what techniques they have used to avoid the threat posed by Meltdown and Spectre.
For this, they explain, they have eliminated the support of the “SharedArrayBuffer” feature, and they have also changed the internal functioning of one of the internal functions to make it more difficult for one process to “gossip” in the memory of another.
Parches de Apple macOS e iOS
If you are an iOS or macOS user, we have much less data to share. The extent of the problem on their desktop, laptop, tablet and mobile PCs is still unknown, and Apple has not made any statement at the moment.
The question on everyone’s minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the “Double Map” since 10.13.2 — and with some surprises in 10.13.3 (under Developer NDA so can’t talk/show you). cc @i0n1c @s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63
— Alex Ionescu (@aionescu) 3 de enero de 2018
What it has done is apparently correct the problem in macOS High Sierra 10.13.2, and there will be more developments in this regard in version 10.13.3 of its desktop operating system. There is no information about patches for previous versions of macOS / OS X, nor information about iOS.
It is not clear if the Apple processors used on their iPhone and iPad are affected and how. Our Applesfera colleagues have contacted Apple managers but at the moment there is no news, so for now we can only wait and, if possible, update our devices based on macOS and iOS as soon as possible.
ARM also offers patches
Those responsible for ARM explain that “most processors are not impacted” with the problem of speculative execution, which they discussed in depth in a recent whitepaper (PDF).
In the latest revision of that document, they also emphasize that this method of attack depends on “malware running locally”, which makes it very important for users to “update their software and avoid suspicious links or downloads”.
The affected processors are revealed in the document, and among them are the Cortex-A57 or Cortex-A72 widely used in SoCs of different manufacturers. In all cases, they emphasize how, even though they are affected, these variants of their mobile CPU designs have a way of “mitigating” the problem.
The ARM engineers divide their solutions to the problem in the three variants that present the Meltdown and Spectre vulnerabilities, and have published patches for the Linux kernel that allow avoiding the problem, in addition to recommending the application of the ARM Trusted Firmware patches.