used with permission from Norton by Symantec
Spectre Next Generation — reportedly a new set of vulnerabilities in modern computer processors — could put your data at risk.
Heise, a German online computer publication, reported on the security issue in March 2018. It said eight new vulnerabilities had been identified.
The security flaws seem to pose the most risk to companies that provide cloud hosting or cloud services, according to the Heise report. Hackers may be able to gain access to data transfers and data.
What does this mean for you?
“The concrete danger for private individuals and corporate PCs is rather small, because there are usually other weak points which are easier to exploit,” the Heise report said. “Nevertheless, they should be taken seriously.”
Background on Spectre Next Generation
Spectre Next Generation, or Spectre NG, takes its name from a previously discovered vulnerability, Spectre, which was first reported in 2017.
Spectre and Meltdown — another vulnerability discovered in processors in 2017 — have reportedly affected billions of devices.
Processor manufacturers typically release patches and updates for security flaws.
Patches for Spectre Next Generation are in the works, according to published reports. Two batches will be released: one as early as May 2018, the other in August 2018.
How do vulnerabilities like Spectre NG work?
The Meltdown and Spectre processor vulnerabilities affect personal computers and mobile devices, as well as data processing in the cloud.
The hardware vulnerabilities can potentially allow programs to steal data that is being processed on the computer’s chip.
Programs typically are not permitted to read data from other programs. But a malicious program can exploit Meltdown and Spectre to access data stored in the memory of other running programs.
Here are the types of information hackers might be able to access:
- Passwords stored in a password manager or browser
- Personal photos
- Instant messages
- Documents containing personal information
How to help protect against these vulnerabilities
Upcoming Spectre NG updates should be installed quickly after their release.
Norton can help users protect against some instances of threats like these. If you run into any issues installing patches, you should first make sure your Norton product definitions are up to date, then apply operating system patches immediately afterward.
Updates have been released for Microsoft Windows, Apple macOS, and Linux to patch Meltdown. Spectre is reportedly more difficult to patch, but also more difficult to exploit.
Work continues by all parties to harden the software against any potential exploits.
How to help protect cloud data
Spectre, Meltdown, and Spectre Next Generation security flaws also affect the cloud. Cloud data is stored on physical servers that may use vulnerable processors. That’s why some of these systems could become vulnerable to hacks.
It’s a good idea to check with the cloud storage provider to see if their systems are affected by a particular vulnerability. If so, ask your provider what to do to help protect important data.