By Megan Brewer —
U of L’s Information Technology said two major vulnerabilities were discovered on Intel hardware used worldwide. Dubbed “Spectre” and “Meltdown,” the flaws affect almost every university computer and device. This includes any device with computing hardware going as far back as 1995.
The vulnerabilities give hackers access to data and allow for data to be stolen from one site by another site on the same computer. This can include passwords saved on a computer through a site.
U of L’s IT Enterprise Security Manager Jacob Jeffers said there hasn’t been a computer or device exploited at U of L.
“At this time there are no real-world examples of this vulnerability being exploited anywhere but in a lab with controlled conditions,” Jeffers said.
These vulnerabilities can happen on any work or personal computer or device.
“The Meltdown and Spectre vulnerabilities affect a great number of modern CPUs (central processing units) and aren’t limited to Intel,” Assistant Professor in computer information systems Andrew L. Wright said. “Spectre affects most modern CPUs, including those used in smartphones. Meltdown is primarily affecting Intel CPUs, but some ARM processors are also affected.”
U of L computers with Windows operating systems taking part in the patch management system have already pushed the Meltdown patches.
“Spectre is harder to fix and will cause problems for years to come. CPUs will have to be entirely redesigned and deployed. This will take years and years,” Wright said.
U of L IT recommends checking for and updating any Windows or Apple device or computer to ensure the latest patches are present and lessen the risks of vulnerabilities.
U of L IT can be reached online or by phone (502) 852-7997.
Photo by Arry Schofield / The Louisville Cardinal