The Meltdown vulnerability in Intel chips shows that even hardware can have security issues – and a patch is still needed to fix it.
In an ideal world, one program can’t see data from another program or what the operating system is up to. But the Intel chip design flaw enables hackers to do just that – misuse one program to ‘meltdown’ these internal barriers so they can see what other programs and the operating system are doing. This vulnerability gives hackers the ability to uncover private things like saved passwords or browser history.
It’s a huge problem, impacting virtually every computer and device dating back to 1995.
The solution to this hardware vulnerability is a patch from the operating system developers. Apple and Google have released their patches and Avira AV products for Mac OS and Android are compatible with them. Microsoft has already started rolling out this patch (security update KB4056892, OS Build 16299.192) to its users. However, this comes with a warning that “Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Antivirus ISV has updated the ALLOW REGKEY.” If an AV does not do this critical step, the user might encounter two problems: the Blue Screen of Death or, potentially much worse, not receive or be informed of future Windows updates from Microsoft.
Aware of this, Avira has been hard at work to ensure there are no compatibility issues that can hit our users. Before the rollout started, we have reviewed the Microsoft hotfix build, conducted our own in-house testing, and have fully verified we met Microsoft requirements. With our latest updates, Avira Antivirus Free and Avira Antivirus Pro are compatible with the Microsoft patch. We recommend to our users to opt for automatic updates of their antivirus software as well as to install all Windows updates immediately.
The importance of patches
Vulnerabilities – big and small – are an inescapable element of software. And so are the patches needed to fix these holes. So far, due to the legions of developers working on these patches, there are no reported examples of these vulnerabilities being weaponized by hackers. But Meltdown is not the only vulnerability around.
A key element in your online safety is keeping the device fully patched, making it more difficult for hackers to take over your device and hit you where it counts – the pocketbook. While Microsoft is taking care of this patch by pushing it out to users – that won’t happen all the time with all the software apps on your device. Think about getting a software updater such as the Avira Software Updater to make sure your software is always at its best. Today you might avoid having a meltdown. Tomorrow it could be something worse.