WHAT a way to start the new year. With a really BIG BANG!

The ‘brains’ of every smart device, the central processing unit (CPU), aka the ‘microprocessor,’ has been found to be susceptible to attacks. Yes folks, your PC, laptop, tablets, mobile phones and quite possibly all other devices that are built on Intel, AMD, and ARM chips—essentially everything and anything using processors that were released since 1995. Heck, even cloud (internet) services, which run on computers that use these chips. See how far and wide this goes?

These vulnerabilities can allow attackers to run programs that can ‘snoop’ into the otherwise inaccessible parts of your computer’s brain and access information stored there. This could be anything from sensitive data to usernames and passwords.

Although the manufacturers have put out some measures to address issues such as this (called a ‘microcode’ update), this particular hardware manufacturing defect unfortunately cannot be resolved by such updates alone, owing to the sheer number of chips that are already deployed. Replacing them, on the other hand, would be impractical and costly.

The burden now falls on the operating systems (OS), applications and other software that use this hardware platform. And this is where it becomes a little bit tricky. Because the problem lies in the most critical component of the system, the applications or programs would have to figure out a way to bypass the use of that part (or function) of the CPU. This means updates, patches and even some serious re-coding of their programs.

It’s like when I discovered that the cheap tires I bought to replace the old ones in my car were actually old stock and were in fact already in an oval state (yeah, being the cheapskate I am – I love discounts!). Now, the very existence of everything running on top of these wheels depends on how long they will last. The suspension, chassis, seats, the passenger.

Your computer needs an operating system to run. To most people, this would be Microsoft Windows or Apple macOS, and to some maybe Linux/Unix. Then on top of these come the actual applications or programs we use – Word, Excel, PowerPoint etc.

For mobile phones and tablets, it’s iOS and Android, and on top of these, Viber, Facebook, Mobile Legends – you get the idea.

So, if we update the operating system, say Windows, this means that all the other programs that use Windows would have to adjust to that update (actually, this is what usually happens after an update – notice why after a major update, all the others follow?).

The tightly knit dependency and interaction of operating systems and applications make patching and remediation a risky affair. According to early reports, patches that were implemented have caused some other programs to malfunction and freeze the device. Other reports have anti-virus software preventing updates of the operating system. Considerable testing and validation should be the norm, especially when patching critical systems.

Modern computer chips have a function that tries to guess what the program they are currently running will do next, and performs that action in advance. This is what is called ‘speculative execution’. If the guess is correct, the CPU saves time and this actually makes processing faster. If the guess is incorrect, the results are merely discarded. This is done because having a chance to be correct and speed things up is still better than wasting idle time waiting for the next instruction. It’s a kind of high-tech fortune-telling.

And there’s the even bigger downer. Yes, you can patch and protect your system, but guess what? Because those fixes were designed to remove/bypass the function of your CPU that was vulnerable, your device also loses out on some of the benefits that function provided in the first place. Meaning, it will slow the performance of your device anywhere from 5 to 30 percent. These figures will vary depending on the type of applications that you are using.

The following have confirmed that they are working on the patches and have either released or are about to release them: Intel, ARM, AMD, Apple, Google, Linux, Mozilla, Microsoft, VMware, Citrix, Amazon, and many others.

Please note that not all the fixes will be released to the public at the same time. They will arrive in trickles and you will probably need to be on your toes for a while. Watch out for new developments and updates for your devices and operating systems. Monitor their official blog sites or pages.
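
An added example, not part of the original column: on Linux, one of the systems named above, kernels that carry the fixes report the status of each flaw as a text file under /sys/devices/system/cpu/vulnerabilities, and this Python script reads those files and classifies them. The function names and the SAMPLE values are constructed for illustration.

```python
from pathlib import Path

# Directory where Linux kernels carrying the fixes report per-flaw status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")

def classify(status):
    """Map one kernel status line to a coarse state."""
    text = status.strip()
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return state
    return "unknown"

def read_status(base=SYSFS_DIR):
    """Read each status file; None means the kernel does not report it."""
    found = {}
    for name in CHECKS:
        try:
            found[name] = (Path(base) / name).read_text().strip()
        except OSError:
            found[name] = None
    return found

def assess(statuses):
    """Return {flaw: state}; a missing report is its own state."""
    return {name: "no_report" if statuses.get(name) is None
            else classify(statuses[name]) for name in CHECKS}

def needs_attention(statuses):
    """Flaws that are not confirmed mitigated or not affected."""
    return sorted(name for name, state in assess(statuses).items()
                  if state not in ("mitigated", "not_affected"))

# Constructed sample: one flaw mitigated, one still open, one with no
# status file at all.
SAMPLE = {"meltdown": "Mitigation: PTI", "spectre_v1": "Vulnerable"}

if __name__ == "__main__":
    live = read_status()
    for name, state in assess(live).items():
        print(f"{name:12} {state:13} {live[name] or '(no status file)'}")
    print("needs attention:", ", ".join(needs_attention(live)) or "none")
```

A "no_report" result means the running kernel does not expose the status files at all, which on Linux usually points to a kernel that has not yet been updated.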

Also, please be wary of possible attacks that will take advantage of this situation. Malicious programs could masquerade as patches or updates for the Spectre or Meltdown vulnerabilities. They thrive on these specific situations.