Security Flaws Put Virtually All Phones, Computers at Risk
January 3rd, 2018Update: Security Flaws Put Virtually All Phones, Computers at Risk
Update: All Macs, iPhones and iPads Affected
Via: The Verge:
Apple confirmed on Thursday that all Mac and iOS devices are affected by the Meltdown and Spectre CPU flaws that have roiled the computing industry for the past 24 hours, resulting in a race to patch operating systems and cloud computing infrastructure at the highest levels.
“‘All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” the company writes in a blog post. “Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.”
—
It’s not that bad, it’s worse.
Via: Reuters:
Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings.
—
Via: Guardian:
A security flaw has been found in virtually all Intel processors that will require fixes within Windows, macOS and Linux, according to reports.
Developers are currently scrambling behind the scenes to fix the significant security hole within the Intel chips, with patches already available within some versions of Linux and some testing versions of Windows, although the fixes are expected to significantly slow down computers.
The specific details of the flaw, which appears to affect virtually all Intel processors made in the last decade and therefore millions of computers running virtually any operating system, have not been made public.
But details of the fixes being developed point to issues involving the accessing of secure parts of a computer’s memory by regular programs. It is feared that the security flaw within the Intel processors could be used to access passwords, login details and other protected information on the computer.
The fixes involve moving the memory used by the core of the computer’s operating system, known as the kernel, away from that used by normal programs. In that way, normal programs, including anything from javascript from a website to computer games, cannot be manipulated to exploit the hole and gain access to the protected kernel memory.
But implementing the fix is expected to significantly affect the performance of the computer, making some actions up to around 30% slower.
http://slow-science.org/