Apple says iOS is vulnerable to Meltdown and Spectre issues

Hardware fixes are by nature much slower and more difficult than software fixes. tcareob72/Thinkstock

"NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches, as soon as they become available".

According to Intel, Krzanich's divestments were unrelated to the security flaws.

For example, a JavaScript application running in a browser on a website could potentially access your computer's kernel memory and rip through any information held there.

"In terms of real-world risk, it's another day in information security", said Kenneth White, security researcher and co-director of the Open Crypto Audit Project.

Apple said today that all of its Macs and iOS devices are vulnerable to the same issues.

Android devices running the latest security update, including Google's Nexus and Pixel smartphones, are already protected.

Microsoft said in a statement Thursday that it is not aware of any of these vulnerabilities being used against its customers.

We haven't heard much from Microsoft yet about the flaw, but it's expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday this month, after seeding them to beta testers running fast-ring Windows Insider builds in November and December.

However, despite all of this work, Williams noted that with the Meltdown patches specifically, "the patch does not address the core vulnerability, it simply prevents practical exploitation".

The two security issues, dubbed "Meltdown" and "Spectre", affect almost every modern computing device - including smartphones, tablets, and PCs.

Researchers first announced the two flaws affecting virtually all computer processors on Wednesday. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time".

If your laptop/desktop/server vendor has provided extra chipset firmware updates, you can get them from their official sites, install them, and complete the patch.

Issuing the alert yesterday, the Singapore Computer Emergency Response Team (SingCert) said: "The vulnerabilities enable attackers to steal any data processed by the computer".

It's something no one had realized was an issue for 20-some years.

Google's Project Zero security team became aware of the flaws late last year and said it had been working to protect its services, including G Suite applications and Google Compute Platform (GCP). Google too has listed out a set of devices and software that need to be updated to the latest version for protection against these bugs. These patches "scramble" how kernel memory is stored, making it impossible for applications to exploit the flaw.

Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. "Exploits for these bugs will be added to hackers' standard toolkits", said Guido.