clock menu more-arrow no yes

How worried should I be about the Spectre and Meltdown security flaws?

Axios’ Ina Fried says most consumers might be okay — if they update their systems ASAP.

If you buy something from a Vox link, Vox Media may earn a commission. See our ethics statement.

Thomas Samson / AFP / Getty Images

In June 2017, Google researchers discovered major security vulnerabilities in common computer processors, which were disclosed to the public earlier this month. And you should pay attention — because those vulnerabilities affect the computer processors that are in almost everything.

“This is actually a flaw in the way chips have been designed for more than the last decade,” Axios chief technology correspondent Ina Fried said on the latest episode of Too Embarrassed to Ask. “Basically, it is really all chips — the chips in your phones, the chips in your PCs, the chips potentially in other things.”

The flaws, known as Spectre and Meltdown, take advantage of how modern chips do calculations in advance for things they might need to do in the future. Fried explained that this makes certain tasks faster for some users, but opens the door for hackers to steal data that would normally be locked away if that user is running a malicious script.

“If you think of this as a bank, right now it’s easy to go back and forth between the lobby of the bank and the high-security vault,” she said. “To close that, [companies are] making it really hard to get between those two things.”

“You had these chips that were incredibly powerful, and they had extra brain cycles and people were like, ‘What do we do with these extra brain cycles?’” Fried added. “What surprises me isn’t that they went to that, it’s that they didn’t foresee [that] unlocking the bank vault could cause problems. Nobody in the industry seemed to have seen it.”

You can listen to the new podcast on Apple Podcasts, Spotify, Pocket Casts, Overcast or wherever you listen to podcasts.

On the new podcast, Fried said the advice for consumers is easy: Patch your devices to the latest updates. But unfortunately, not everyone with a smartphone may have that option yet.

“I think what we’re going to see over time is, if there are exploits, Android is more vulnerable because people don’t fix their Android systems,” Fried said. “Even though Google has put out a patch, that’s not the same as the phone maker. Samsung might not have put out a patch. [And] the different chipmakers — it’s just a more crowded atmosphere.”

“Apple has said a little less,” she added. “They’ve said, ‘We’ve updated iOS and Mac OS.’ As is typical, they don’t go into a ton of detail about how vulnerable they were. They do have the advantage, though, that they can see the software, the chips and the hardware, and they can be more elegant in the way they fix it, because they control all those things.”

Have questions about Spectre and Meltdown that we didn’t get to in this episode? Tweet them to @Recode with the hashtag #TooEmbarrassed, or email them to TooEmbarrassed@recode.net.

Be sure to follow @LaurenGoode, @KaraSwisher and @Recode to be alerted when we’re looking for questions about a specific topic.

If you like this show, you should also check out our other podcasts:

  • Recode Decode, hosted by Kara Swisher, is a weekly show featuring in-depth interviews with the movers and shakers in tech and media every Monday. You can subscribe on Apple Podcasts, Spotify, Pocket Casts, Overcast or wherever you listen to podcasts.
  • Recode Media with Peter Kafka features no-nonsense conversations with the smartest and most interesting people in the media world, with new episodes every Thursday. Use these links to subscribe on Apple Podcasts, Spotify, Pocket Casts, Overcast or wherever you listen to podcasts.
  • And finally, Recode Replay has all the audio from our live events, such as the Code Conference, Code Media and the Code Commerce Series. Subscribe today on Apple Podcasts, Spotify, Pocket Casts, Overcast or wherever you listen to podcasts.

If you like what we’re doing, please write a review on Apple Podcasts — and if you don’t, just tweet-strafe Kara and Lauren. Tune in next Friday for another episode of Too Embarrassed to Ask!


This article originally appeared on Recode.net.

Sign up for the newsletter Sign up for The Weeds

Get our essential policy newsletter delivered Fridays