NEW YORK — Spectre and Meltdown, the two major flaws discovered in computer processors, could allow cybercriminals to steal passwords or other sensitive data. And experts are on the lookout for them.
The flaws have existed in modern processors for 20 years, but news surfaced last week that virtually all computers and smartphones are affected by the bugs.
So far, there is no evidence that hackers have exploited the vulnerabilities.
But it’s only a matter of time before attempts are made, according to Matt Tait, a senior fellow at UT Austin’s Strauss Center.
“We’ll absolutely see in the next few weeks and months people using this vulnerability, especially in the web browser to steal passwords,” Tait told CNNMoney.
Many tech companies were made aware of the flaws long before the news was made public and have been working on fixes for consumer products and services.
Consumers who keep their web browsers, apps and devices up-to-date should be protected from anyone trying to use these vulnerabilities.
“If you install your security updates, you will get new clever software features designed to protect your computer,” Tait said. “When your browser updates, it will prevent websites from attacking your processor and stealing your password.”
Apple, Google and Microsoft have released some patches that mitigate bugs.
Hackers would need access to a device before they could steal information from it.
There are many ways hackers can steal personal information. For example, phishing campaigns can trick a person into providing log-in credentials or malicious software that takes advantage of outdated systems.
That’s why it’s so important to keep smartphones and computers up-to-date and to only download software from trusted sources.
Spectre and Meltdown are highly unusual flaws. Because they affect hardware, fixing them requires a different strategy than any other type of bug — companies had to build new defense mechanisms.
According to Tait, companies have been working in secret for months figuring out how the vulnerabilities work, and making changes to how their operating systems, web browsers and other services operate in order to keep users secure.
“All these tech companies had to invent completely brand new types of computer science,” Tait said. “They invented an entirely new way of a system protecting itself.”