Google security experts found in June 2017 a combination of vulnerabilities in the way that several modern microprocessor models manage the data they handle.
A simple summary is that they allow almost any element of the machine to access the data in the memory of others. That is, a web script can access your keys, or an installed program can access the encryption elements.
Not only is it extremely serious, perhaps one of the most complicated combinations of vulnerabilities in history, it has been around the world for years and it is not known today if it was being exploited by a group of hackers or intelligence services.
This vulnerability gave access to virtually any element of a machine.
For more info, it is difficult to solve, and multiple teams of the leading technology companies have spent Christmas solved in secret before it was revealed.
— Michael Schwarz (@misc0110) January 4, 2018
Is my mobile/computer affected by serious security vulnerability?
The short answer is probably yes.
The long answer is that it depends on the processors that your computer, Smartphone or tablet has and the software you use.
If your computer has an Intel processor from 1995 onwards, you are affected. This includes the Pentium, Core Duo, Core 2 Duo, Core i3, Core i5, Core i7, etc. The Intel Atom since 2013 is also affected.
AMD processors also seem to be affected.
Google claims that some professional processors (outside of the consumer range) are affected, but AMD denies it. Interestingly, the Linux patch avoids running on AMD processors.
The short answer is yes”. The long answer is that you run to update your computer or your smartphone
You can confirm it by downloading this application for Windows or Linux created by Intel itself.
It is not clear if Apple computers with Intel processors are affected because the company maintains its own Kernel, but it seems that at least it is fixed in the latest version of High Sierra (10.13.2).
As for mobiles, the ARM architecture used in the vast majority of smartphones and tablets on the market are affected, but there are elements of “mitigation” installed in the design some time ago that try to eliminate the vulnerability being exploited.
Translation: not known for sure yet. Apple has not issued any statement on the iPhone and iPad, and Google has claimed that “they have not found any playback on Android devices with the ARM.”
How to protect my mobile/computer from serious security vulnerability?
These vulnerabilities go unnoticed to the antivirus, so the only way to protect yourself is to update the operating system on your computer. Microsoft has sent an emergency patch for Windows 7, Windows 8 and Windows 10. Go to Control Panel> Security> Windows Updates.
In Linux, a simple update of the system to the latest available version should put you safely in almost any distribution. On Mac, the only way to be securely protected is by installing High Sierra 10.13.2, the latest available version of Apple’s operating system. To install it, click on the apple in the top menu and then in the App Store or security updates. It’s speculative right now but for older computers, maybe versions 10.11.6 (El Capitan) or 10.12.6 (Sierra) are enough.
For Android, check if your device has pending updates. You can do it in Settings> System Updates. Check that you have the latest version available, especially in Settings> About the phone where you will see the date of the last Android security patch. If it tells you January 2018, you should not have a problem.
Your browsers are also in danger. Update Chrome to version 64 (current) and Firefox version 57 (current), while patching Windows should fix it for Internet Explorer or Microsoft Edge, the two Microsoft browsers. Mac Safari speculatively would have been updated also with the operating system itself.