'Security flaws' in computer chips built by Intel and rivals

'Security flaws' in computer chips built by Intel and rivals

Instead, they impact everything from phones to PCs and servers. "It will not take long for the security flaw to be exploited in the wild". January 3rd saw the disclosure of two serious flaws in the design of the processors that power most of the world's computers. Easily ranking alongside Heartbleed, Krack and Shellshock. But if it had happened already, we wouldn't know about it.

A related attack, which they call Spectre, is potentially wider reaching because it "breaks the isolation between different applications. That is the actual heart of the computer". There are many more Intel chips in the world today than there were then. In November, researcher Kevin Finisterre discovered a vulnerability in the products of drone manufacturer DJI and reported the issue to the firm.

The issue likely impacts most Intel computers sold for the past two decades.

So, what do the vulnerabilities do?

Researchers also found earlier this year that Site Isolation is effective against many other types of attacks. Rival Tencent Holdings said it was in contact with Intel regarding possible fixes but wasn't aware of any attempted attacks so far, according to Bloomberg. In the case of Spectre, although it seems to be harder to exploit, the flaw is even more widespread. Unusually, the exploit, called Meltdown, takes advantage of the processors' hardware rather than a software flaw, so it circumvents security schemes built into major operating systems.

Experts say customers should download these fixes ASAP to protect sensitive data from hackers; that includes stored passwords, emails, photos and instant messages. Gruss and his colleagues tested it on an Intel Skylake processor and saw less than a 1-percent performance loss.

Two critical architectural flaws in CPUs that allow applications to read kernel memory have been discovered.

The bad news is these updates may work to slow our computers and phones down, and according to Dr Yarom, because the vulnerabilities exist in the hardware itself, software upgrades may not be enough.

Researchers warn that Spectre is harder to exploit than Meltdown but is also harder to mitigate. "We'll need to redesign operating systems and how CPUs are made".

How big is the risk?

Consumers can mitigate the underlying vulnerability by making sure they patch up their operating systems with the latest software upgrades. And it's pretty much the same as protecting your data from ransomware. A previously submitted patch to the Linux kernel to address Meltdown has been modified to exclude AMD.

There's a catch though; a fix for Spectre hasn't been created.

Has anyone been hacked this way yet? Mozilla says it's also implementing a short-term mitigation that disables some capabilities of its Firefox browser.

Google said that all products have been updated but that a new security update, dated 5 January, will be released. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.

Microsoft: The company says a patch has been made available for Windows 10 machines and it will automatically be applied. "The remaining ones will be completed in the next several hours, with associated instance maintenance notifications".

Apple: The company has not publicly commented on the issue.

Palmer likened the security flaws to a weakened immune system.

Linux: The operating system already has a patch.

Experts say the defects can't necessarily be fixed with software upgrades, and complete re-designs of computer processors may be needed.

Artículos relacionados

  • Injuries, suspensions and line-up vs Leicester — Liverpool Team News

    Injuries, suspensions and line-up vs Leicester — Liverpool Team News

    Mauricio Pochettino's side would add two more to complete an empathic 4-1 rout. "We'll see what he can do for the next game". Not in their performances but with a justification for splashing out a world-record fee for a defender on Virgil van Dijk.

    Jerusalem is not for sale

    It demands that all member-states not recognize any actions that are contrary to UN resolutions on the status of the city. Banning dog walkers year-round, including on weather-prohibitive days when golfers are few or absent is senseless.
    Sorry Ronaldo, Messi's the greatest — Rakitic

    Sorry Ronaldo, Messi's the greatest — Rakitic

    Xavi called me, but I stayed with Messi and Sergio did not have to come out, and from there, we controlled him pretty well. Ronaldo's 95-rated card is the best non-icon card on FIFA 18 and sells for a whopping 3.78 million coins on PS4.
  • 450 reportedly arrested in Tehran amid deadly anti-government demonstrations — Iran protests

    450 reportedly arrested in Tehran amid deadly anti-government demonstrations — Iran protests

    The young are most affected, with as many as 40 percent out of work according to analysts, and rural areas particularly hard-hit. But the protests have quickly become much more , and now represent a wholesale indictment of Iran's clerical system itself.
    Stretchered off against Southampton

    Stretchered off against Southampton

    He scored a decisive goal against Watford in a 4-2 win, dribbling 80 yards before a cool finish to seal the win. The first half produced glaring evidence that the Man United winger is pretty much unable to use his left foot.

    Trump says 'at some point' he might work with Democrats

    The basic principle behind this system is that corporates are not obligated to retain profits in subsidiaries in foreign lands. For both parties, it's the former members of the House who, in recent years, have been less partisan than their colleagues.
  • Tech Giants Issue Fixes, Updates For Meltdown And Spectre Flaws

    Tech Giants Issue Fixes, Updates For Meltdown And Spectre Flaws

    Intel's Walker confirmed that security analysts informed the company in June of the security holes in its PC and phone microchips. It takes a good deal of effort to access and discover the actual content of memory and make it meaningful, as mentioned earlier.
    Terry: Jose Mourinho's first Chelsea side would beat Guardiola's Man City

    Terry: Jose Mourinho's first Chelsea side would beat Guardiola's Man City

    Speaking to Sky Sports , the now-Aston Villa defender was asked if the Blues would have done differently in hindsight. If one thing is for certain, it's that most fans would give anything to see the duo do battle one last time.
    Nokia 6 to get Android 8.0 Oreo update, beta now available

    Nokia 6 to get Android 8.0 Oreo update, beta now available

    But the other noteworthy change is the move to an OLED screen, which usually translates to deeper blacks and power savings. IBT reported last week that one of these cameras could be equipped with a telephoto lens that allows x2 optical zoom.
  • 'Kingsman' Creator Mark Millar Weighs In On Disney-Fox Deal

    'Kingsman' Creator Mark Millar Weighs In On Disney-Fox Deal

    Now, Marvel can get to work on changing that, but it doesn't mean that it will or even should happen anytime soon. Disney is requiring many theater operators to share a higher percentage - 65 percent - of ticket sales.
    Trump and Putin Discuss North Korea in Phone Call

    Trump and Putin Discuss North Korea in Phone Call

    Framed by red neckline, throat of Felgelgauer showed a scar, footprint of knife of a madman who snuck into station echo of Moscow. If they lose, they could appeal to a Swiss federal tribunal and finally the European Court of Human Rights.

    Apple buys Shazam and says it has 'exciting plans in store'

    While Shazam is best known for its song-matching capabilities, the app has also been adding augmented reality features . Both companies have a history of working together as Shazam was one of the first titles in the App Store back in 2008.