Thursday, 19 April, 2018

Apple Warns of Potential Chip Vulnerabilities

Meltdown and Spectre Apple Warns of Potential Chip Vulnerabilities
Theresa Hayes | 12 January, 2018, 18:10

The Meltdown vulnerability is specific to Intel, but the company said that it would work with rivals AMD and ARM to resolve another fault that also affects them, called Spectre. Such a leak could potentially expose stored passwords and other sensitive data, including personal photos, emails and instant messages.

Meltdown is "probably one of the worst CPU bugs ever found", said Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw.

But it's still working on other fixes that users should look out for.

Here's a look at what's affected, what's being done about it and whether you should worry.

Since the news of these exploits has come out, AMD stock has skyrocketed while Intel's has dipped significantly.

Major software makers have not issued patches to protect against Spectre, which affects almost all computer chips made in the last decade.

In recent days, cybersecurity experts have released information about design flaws in microchips produced or designed by such companies as Intel, AMD and Arm Holdings, which control nearly all the chip market.

Google said its Android phones - which make up more than 80% of the global market - were protected if users had the latest security updates. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses. There's no fix for this problem yet and we may not see one until chipmakers redesign their processors - which could take years. The Meltdown and Spectre exploits would theoretically be able to trick that process in order to gain access to privileged data. Apple has released some updates to defend against Meltdown and will be releasing an update to protect against Spectre soon. Microsoft has released a patch for PCs that use its Windows operating system.

Intel headquarters

The revelations "attack the foundational modern computer building block capability that enforces protection of the (operating system)", said Steve Grobman, chief technology officer at security firm McAfee.

The iPhone maker has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown, and confirmed on Thursday the Apple Watch is not affected by Meltdown.

Operated by companies like Amazon, Microsoft and Google, these are services where any business or individual can rent access to computing power over the Internet.

"These bugs in the hardware can enable hackers using malicious programs to steal sensitive data which is now processed on the computer. Don't save anything on cloud systems that you wouldn't want hacked".

There are limits to what consumers can do now to protect their computers.

Both are issues with the way computer chips are designed.

Guidance from United States cyber-security project CERT, which is funded by the federal government, originally advised computer users that in order to fully remove the vulnerability they would have to "replace" processor hardware.

That's not to say nothing can be done. You can then head to System, then System Update to download the latest update if you haven't done so already. There are already Meltdown patches for Microsoft's Windows, Apple's macOS and Linux. Mozilla is also implementing a short-term mitigation to disable some capabilities of the Firefox Browser.