What You Can Do Now to Protect Against the Chip Flaws

While tech giants grapple with the chip security flaws disclosed this week, there are steps people can take now to mitigate potential harm to their iPhones, Windows PCs, Android devices and other gadgets.

The most important is ensuring software on any device is up to date. Apple Inc. acknowledged late Thursday that its mobile devices and computers -- even the Apple TV -- are affected by one of the vulnerabilities, called Meltdown, but said it already issued updates to fix the problems.

For iPhones and iPads, iOS version 11.2 released last month includes the latest fix. You can update via the Settings app. For Macs, Apple pushed out version 10.13.2 to its High Sierra operating system last month. Users can find the update by clicking "About this Mac" under the Apple icon.

Android devices are trickier. That's because the open-source nature of Google's operating system, which allows phone makers to use the software free, gives the Alphabet Inc. unit less control over pushing out updates.

Google said it already protected its own line of Nexus and Pixel phones, but isn't sure how many phones from other manufacturers are receiving the updates. Customers should check with device manufacturers and wireless carriers to see if their devices are patched. Chromebooks and its Chrome browser, the company said, will receive patches by Friday, but users must turn on the "site isolation" feature. Instructions are available here: https://support.google.com/chrome/answer/7623121.

Microsoft Corp. is issuing several patches for various versions of its Windows operating system. Window 10 devices should automatically download and install the update, and users can check their update history under settings. The company released patches for Windows 7 and Windows 8, and those will automatically update next week.

The Spectre vulnerability can be exploited on personal devices through browsers, and browser makers are scrambling to update those applications.

Mozilla began updating its Firefox browser already. Customers waiting for updates to any browser, such as Google Chrome or Microsoft Edge, could install an ad-blocking service such as uBlock Origin, said Jeremiah Grossman, chief of security strategy with SentinelOne, an anti-malware company. The blocker could prevent websites from showing ads that may house malicious code, he said.

One reason not to panic just yet: Security researchers who discovered the chip flaws said exploiting them is so complex, hackers are likely to continue relying on common techniques such as phishing. The chip flaws could be more useful for hackers targeting computer servers or high-priority devices.

Write to Jay Greene at Jay.Greene@wsj.com

(END) Dow Jones Newswires

January 04, 2018 23:46 ET (04:46 GMT)