investorschatroom.com

Science

Apple: Mac And iOS Vulnerable To Meltdown And Spectre Flaws

Share
Hardware fixes are by nature much slower and more difficult than software fixes. tcareob72/Thinkstock

Advice from the U.S Computer Emergency Readiness Team's was grim.

So what should Apple users do? He warned that this should protect users for now, but the fact that malicious actors will continue to find ways to exploit the Meltdown and Spectre flaws "make it clear that CPU architecture decisions need to be rethought".

Apple says it as of now discharged "alleviations" in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help safeguard against Meltdown.

Microsoft has also acknowledged the issue and told CNBC (via email), "We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, Arm, and AMD".

Microsoft said it had been aware of the vulnerabilities and had been working on fixes for some time.

Like other big tech companies that are scrambling to deal with the problem, Apple sought also to reassure users.

Apple has issued a statement confirming the design flaw vulnerabilities on ARM-based and Intel CPUs impacts all Macs and iOS devices. The second bug named Spectre meanwhile affects chips made by Intel, ARM and AMD and lets hackers to trick "error-free applications" to shell out sensitive information.

Meltdown could have devastating effect for cloud providers as Google researchers were able to demonstrate reading of host memory from a KVM guest OS.

More Snow for Christmas Eve!
Temperatures in the upper 30s to low 40s will feel more like the upper 20s to lower 30s during the day. Measurable snow on Christmas Eve in Seattle is a rare event, according to NWS Seattle officials.

3GPP declares first 5G NR spec complete
At the 3GPP RAN Plenary meeting in Lisbon, Portugal, which I'm actively participating in, 3GPP successfully completed the first implementable 5G NR specifications that define the first phase of the global 5G standard .

Apple admits to slowing iPhones batteries as they age
Apple issued a statement Thursday saying the company has used software updates to limit older model iPhones' performance. Not everyone was happy with Apple's explanation, or the fact that the company called slowing down its products a feature.

Spectre and Meltdown are serious vulnerabilities that take advantage of the speculative execution mechanism of a CPU. Data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.

Apple further explains that for these bugs to really affect one's systems, they need to rely on apps with malicious code. Meltdown appears to be specific to chips made by Intel.

Browser makers Google, Microsoft Corp and Mozilla Corp's Firefox all confirmed to Reuters that the patches they now have in place do not protect iOS users.

Apple remained silent for more than a day about the fate of the hundreds of millions of users of its iPhones and iPads.

These two sophisticated bugs matter especially to enterprises that deal with a lot of network traffic and considerable processing power - things like cloud providers, retailers that process consumer transactions, and medical systems that crunch data.

The Software Engineering Institute, a USA -government funded body that researches cybersecurity problems, initially said the only way to fully remove one of the vulnerabilities is to completely replace the affected processor. But that's not realistically going to happen anytime soon.

Replacing all the affected processors quickly would be impossible: there now are none available to replace the vulnerable ones with the same kind of functionality.

Share