Meltdown and Spectre Flaws — What They Are and What to Do

Apple Security

There has been a lot of discussion about the Meltdown and Spectre flaws. Here is, perhaps, the most comprehensive discussion you’ll find by Peter Bright over at ars technica. “Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it.

Apple Security

Here is Apple’s official response: “Apple Says Meltdown Was Patched in iOS 11.2, macOS 10.13.2, and tvOS 11.2, with No Measurable Impact to Speed.

Now that you’re fully briefed, how to respond? OSXDaily has very good advice. “How to Protect Against Meltdown & Spectre Security Flaws.

One observation here. When flaws like this are found, responsible researchers alert the manufacturers. For example, Microsoft and likely Apple have been working on fixes and mitigations since November, 2017. However, you won’t find these fixes described publicly until the manufacturers have done all they can and rolled out updates.

And so, this is why it’s so important to upgrade your OSes, as OSXDaily advises, very soon after release. If you have an Apple device, Mac, iPhone, iPad, Apple TV that cannot run the latest release of macOS, iOS, tvOS, the smart thing to do is trade it in (or decommission it) and purchase new equipment.

It may cost a little out of pocket, but this is the price we have to pay to stay ahead of the bad guys. Failure to stay updated is just asking for trouble.

Next Page: The News Debris For The Week of January 1st. The Net Neutrality fight is just getting started.

6 thoughts on “Meltdown and Spectre Flaws — What They Are and What to Do

  • I keep hoping that Homepods will be some nice speakers I can setup in an awesome 7.1 system and also have in a few other places to have music/radio/podcasts follow me around the house or garage.

    I want to be tapped into my music collection in a much greater way and a Siri enabled speaker set might be nice.

  • So MS wants to get rid of the password? Around twelve years ago I did a presentation at U of MN
    NetPeople about this. Back then I argued that any password that a human was able to remember and type was not secure enough. Conversely any password that was secure was impossible for a human to keep track of. Especially if people must have a bunch of different ones. I also argued that Password Managers, like Password1 were just a stopgap to manage this mess, not fix it. What was needed was a different approach to security. Security, technology, and the bad guys have only gotten more advanced in the last decade. It’s true now more than ever.

    However I’m still dubious about biometrics. All your fingerprint does is trigger a digital template inside the system. The digital template is just a very long password/code/hash based on your body part. Crack the hash and you don’t need the fingerprint, face, iris, or whatever.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.