How to protect devices from Spectre and Meltdown chip flaws

12 Января, 2018, 03:34 | Author: Arnold Perez
  • How to protect devices from Spectre and Meltdown chip flaws

The flaws - dubbed Meltdown and Spectre - affect processing chips made by Intel, AMD and ARM Holdings. Even traditionally exploit-resistant operating systems, like Apple's iOS, are vulnerable. Although Google Project Zero spearheaded the effort, most of the researchers involved are independent of Google.

"The defect renders the Intel x86-64x CPUs unfit for their intended use and goal", the complaints read. The Computer Emergency Response Team, the United States' primary defense against computer attacks, went so far as to say the only real way to fix Spectre is to replace processors that have the flaw.

Researchers said nearly every computing system - desktops, laptops, smartphones, and cloud servers - is affected by the Spectre bug. The other, Spectre, is harder to fix, but also harder to exploit, making it less of an immediate threat to consumer devices. The long-term solution may rely on a hardware redesign, he said, with software patches acting to monitor and stop malicious behavior. Kalember also noted that being attacked using Meltdown or Spectre is "highly unlikely".

Taken together, the right and wrong guesses still process data faster than just waiting around for every instruction to be executed in a serial fashion, one after another. "They will improve on it". Researchers have identified a security flaw in the computer processors made by three of the world's biggest chip designers, Intel, AMD and ARM, and a second flaw in Intel chips. These will be similarly impossible to fix, and the only strategy will be to throw our devices away and buy new ones.This isn't to say you should immediately turn your computers and phones off and not use them for a few years.

The story also raises an important issue about the responsible disclosure of such security flaws. "Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available", the company said. The company said it will be issuing updates for Safari on MacOS and iOS in the coming days, to guard against any potential exploit in JavaScript on the web browser.

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown.

Читайте также: Tunisia protests: Hundreds arrested

Microsoft said in a statement Thursday that it is not aware of any of these vulnerabilities being used against its customers.

The first called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords.

The company said it has already updated its operating systems to defend against Meltdown.

Spectre shares similarities to Meltdown, but is much more sophisticated and wide-reaching. "There may end up being cases that are workload or OS specific that experience more of a performance impact".

The vulnerabilities, nicknamed Meltdown and Spectre, can cause data to leak from kernel memory.

"It's a positive thing that we have independent verification - researchers looking for vulnerabilities", Daly said. On a cloud service, each server is typically shared by many different customers.

При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2018 Copyright.
Автоматизированное извлечение информации сайта запрещено.

Код для вставки в блог

Recomendado:



Popular

Jefes diplomacia europea reafirman compromiso con acuerdo nuclear iraní
El ministro alemán de Exteriores, Sigmar Grabiel, reiteró que Europa quiere proteger el acuerdo contra cualquier posible decisión para socavarlo, venga de donde venga.

Cambridge-based Redux bought by Google
According to Crunchbase , Redux has also previously raised more than $5 million in funding before it was acquired by Google. On Ivanov's profile page, it says that Redux achieved a "successful exit" in August 2017, but it does not state the buyer.

The first white chocolate Cadbury's Creme Egg has been found
There's only one £2k prize and 33 remaining eggs worth £1,000, and the rest are worth smaller amounts. She has yet to decide what to spend her winnings on but is now thinking about planning a holiday.

Louisiana taxpayers can start filing state taxes on Jan. 29
The Louisiana Department of Revenue will start to accept individual state income tax returns Friday, January 29. The Senate's FY 2018 Financial Services spending bill would provide $11 billion for the IRS.

'All signs' pointing to Matt Patricia as Giants head coach
The Giants will hold their sixth and final interview with former Broncos running backs coach Eric Studesville on Wednesday. Patricia was on the sidelines for both of them, first as the Patriots' linebackers coach and then as their safeties coach.

Iran's supreme leader accuses US & Britain of trying to overthrow Islamic republic
Abul-Nour added that the support gives an excuse to the Iranian regime to accuse the protesters of being agents and traitors. Demonstrations broke out across Iran last month fueled by anger at the lackluster economy and official corruption.

Alabama receiver Calvin Ridley says he will enter draft
Another standout, running back Damien Harris, will forgo the draft and come back for his senior season, according to the website. Alabama junior receiver Calvin Ridley and junior defensive lineman Da'Ron Payne are also leaving for the draft.

La petición de Messi que destrozó a Abidal
No nos envíes más cosas así, que nos hace daño", contó Abidal . " Era un sufrimiento que no lo deseo a nadie ", agregó Abidal . Allí, el ex jugador reveló la reacción que tuvieron sus compañeros en el equipo catalán al verlo tan débil.

IRAN ON EDGE: Tehran ARRESTS THOUSANDS as Regime Hangs On
The protests have since dwindled amid arrests of more than 3,700 people, according to one Iranian lawmaker. The window for congressional action on those limitations closes in March.

Jack in the Box considers kiosks as minimum wage rates grow
The state of California, where Jack in the Box is based, is set to raise the minimum wage to $11 this year and $15 in 2023. Follow Business Insider Australia on Facebook , Twitter , LinkedIn , and Instagram .

Tendencias