The situation is one that centers on information disclosure, not code execution (a far more damning issue to deal with). The key thing to remember is not to panic, as the sky isn't about to come crashing down. As things change, or new information becomes available, this article will be updated. Here's a breakdown of all the things you need to know. ![]() Called Meltdown and Spectre, the discovered attack possibilities are rather severe, as they impact pretty much every technical device on the network or in your house (PCs, laptops, tablets, phones, etc.). What you need to know about Meltdown & Spectre:Īs you've likely heard by now, there are some problems with Intel, AMD, and ARM processors. ![]() In order to "prevent AMD customers from getting into an unbootable state," Microsoft said, OS giant has temporarily paused sending the following Windows updates to devices with impacted AMD processors: ![]() "Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates," Microsoft said in an advisory. Support forum posts are centered mostly on older Sempron and Athlon chips, the largest thread on the issue has more than 150 responses so far. watchOS is unaffected by Spectre.Please note, Microsoft has suspended Windows security updates related to this issue on systems with older AMD CPUs, after a documentation mix-up led to the systems being unable to boot after patches were applied. We continue to develop and test further mitigations within the operating system for the Spectre techniques. On January 8th Apple released updates for Safari on macOS and iOS to mitigate such timing-based techniques. Testing performed when the Safari mitigations were released indicated that the mitigations had no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. Spectre is a name covering multiple different exploitation techniques, including-at the time of this writing-CVE-2017-5753 or "bounds check bypass," and CVE-2017-5715 or "branch target injection," and CVE-2018-3639 or “speculative bounds bypass.” These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.Īnalysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. We continue to develop and test further mitigations for these issues. Apple Watch is not affected by either Meltdown or Spectre. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.Īpple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Security updates for macOS Sierra and OS X El Capitan also include mitigations for Meltdown. To help defend against Spectre, Apple has released mitigations in iOS 11.2.2, the macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 for macOS Sierra and OS X El Capitan. ![]() All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at the time of this writing. These issues apply to all modern processors and affect nearly all computing devices and operating systems. Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |