Meltdown and Spectre are two recently discovered security vulnerabilities that affect all modern processors, computing devices and operating systems. By taking advantage of design flaws in processors, attackers can see sensitive data in your computer that shouldn’t normally be accessible like passwords and encryption keys.

Meltdown takes advantage of the isolation that should occur between applications and the operating system. A program shouldn’t have access to operating system memory because different keys and passwords reside there, so the operating system restricts access to this kernel memory if a program attempts to read it. The problem is that CPUs were not enforcing this check during speculative execution resulting in the potential leak of sensitive information.

The Spectre flaw takes advantage of the speculative execution process.  In order to make computer processors run faster, the chip will guess what information the computer needs to perform next.

Think of it like a cooking recipe. If you are making a meal and see that you need to wash and chop vegetables, but also have to bake a turkey, you will realize the turkey baking in the oven can run in tandem with the chopping of vegetables.

A CPU does similar things to improve speed by seeing if there is work down the road that can be performed now. This is invisible to the user and all happens in the background. Spectre basically lets attackers read the secret data that the chip temporarily makes available when it tries to guess what function the computer should perform next.

To date there have been no reports of anyone using these vulnerabilities in the wild.

What is being done about it?

Computer companies like Intel, Microsoft, Apple, AMD and others have been working diligently to issue patches and mitigate the potential damage. Patching these vulnerabilities requires both software and BIOS/firmware updates.

However, these patches do not completely eliminate the risk as it will require a complete architecture redesign, which will take years to implement.  

In the meantime, it is vital to apply all applicable patches in order remain as secure as possible.

What can I do?

Here are steps you can take to secure your personal machines:

Laptop/Desktop Computer:

  1. Back up your data
  2. Update all internet browsers
  3. Update your anti-virus software
  4. Install the recommended software patches
  5. Install any firmware updates

Mobile Device (smartphone, tablet, etc):

  1. Back up your phone
  2. Update your OS to the latest version
  3. Install any carrier-specific updates if prompted

We also strongly recommend logging out of every page that requires credentials when you are done. Please do not save passwords in your web browser.


It is imperative to always have the latest browser version installed, as this is a common infection vector for malware and exploits.

Firefox: Current version is 57.0.4 (Current version at time of writing)

  1. Open Firefox.  Choose “Help” then “About Firefox” on next menu.
  2. Firefox should check and automatically update if it is out-of-date.
  3. Click on these links for more information about updating Firefox and security information

Chrome: Current version is 63.0.3239.132

  1. Open Chrome, click on the ellipses (three dots) at upper right and choose “Settings”
  2. In Settings, choose “Settings” in upper left and go to “About Chrome” on drop down:
  3. If not up-to-date, Chrome will start updating.  After the update Chrome will ask to relaunch to save changes.  No information should be lost if browsing at the time.

Safari: Current version is 11.0.2

  1. Open Safari, click About Safari
  2. If you see an older version, open the App Store to apply updates

Microsoft Internet Explorer and Edge: Current version is IE 11 and 41.16299.15

Microsoft Edge

  1. Open Edge, select the ellipses (three dots) at upper right and scroll to bottom of Window that opens to see “About this app”
  2. Updates for Edge should be done automatically in Windows 10 and 8.1.

Internet Explorer

  1. Open IE, select the “gear” and choose “About Internet Explorer”
  2. If already running Windows 10 and 8.1, Updates should be handled automatically.
  3. For Windows 7 computers, a manual download for IE 11 can be found if needed.

Operating Systems


Windows 7 Service Pack 1, Windows 8.1, and Windows 10 users need to apply both firmware and software updates

To check for updates go to Settings > Update & Security to see if there are any fixes in the queue.  

Windows 7- Click Start button > All Programs > Windows Update

To apply firmware updates, please consult your manufacturer’s website.


macOS 10.11.6, 10.12.6, and 10.13.2 include mitigations

To see what version you are running click on the Apple menu button in the upper-left hand corner of your screen and select About This Mac. If you are on a prior version open the App Store application, click on the Update tab and install all applicable updates.

iOS: iPhones and iPads

iOS 11.2 and newer include mitigations

Go to Settings > General > About and look for Version to verify what you’re running

Go to Settings > General > Software Update to download the latest version


Android 2018-01-05 Security Patch Level

If you have a Nexus 5X, Nexus 6P, Pixel C, Pixel/XL, Pixel 2/XL you should have an update downloaded and available to install. Other manufactures will take longer to get updates.

More information about Spectre and Meltdown