Meltdown and Spectre Vulnerabilities
Here  ya go. 

Intel CEO Pledges Commitment to Security Following Meltdown and Spectre Vulnerabilities
Thursday January 11, 2018 3:46 pm PST by Juli Clover
Intel CEO Brian Krzanich today wrote an open letter to Intel customers following the "Meltdown" and "Spectre" hardware-based vulnerabilities that impact its processors. 

In the letter, Krzanich says that by January 15, updates will have been issued for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder coming at the end of January. 

For Apple customers, macOS and iOS devices have been patched with protection against Spectre and Meltdown. Meltdown was addressed in macOS High Sierra 10.13.2 and iOS 11.2, while Spectre mitigations were introduced in a macOS 10.13.2 supplemental update and iOS 11.2.2, both of which were released this week. The vulnerabilities have also been addressed in older versions of macOS and OS X. 

According to Krzanich, going forward, Intel promises to offer timely and transparent communications, with details on patch progress and performance data. Because Spectre and Meltdown are hardware-based vulnerabilities, they must be addressed through software workarounds. In some cases, these software patches cause machines to perform more slowly. 

Apple users do not need to worry about performance impacts. According to Apple, Meltdown had no measurable reduction in performance on devices running macOS and iOS across several benchmarks. Spectre, fixed through a Safari mitigation, had no measurable impact on most tests, but did impact performance by less than 2.5% on the JetStream benchmark. Apple says it plans to continue to refine its mitigations going further. 

In addition to remaining transparent about the performance impact of the software fixes, Krzanich says Intel will commit to disclosing security vulnerabilities and sharing hardware innovations that will, in the future, prevent such attacks.
Quote: Our customers' security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
For those who missed the news last week, Spectre and Meltdown are serious hardware-based vulnerabilities that take advantage of the speculative execution mechanism of a CPU, potentially allowing hackers to gain access to sensitive information. 

Spectre and Meltdown impact all modern processors, including those used in Mac and iOS devices, and these two vulnerabilities will continue to be an issue for the foreseeable future as addressing them entirely requires new hardware design. Apple has prevented Spectre and Meltdown from affecting customers through software updates, but all hardware and software manufacturers will need to be wary of additional speculative execution attacks going forward. 

Apple customers should make sure to keep their Macs and iOS devices up to date with the latest software to remain protected from malicious attacks that might take advantage of the exploits.

 If you get tired, learn to rest, not to quit.
Goo gle is crap as well
Can’t believe anything they say
Lies lies and more lies from goo gle

Gosh I don’t believe the promise that we will do better either
Surprise surprise
It was most likely a built in back door that someone stumbled across and told on them

How do you take chumming with. All those guys
Oh phony on them all

 If you get tired, learn to rest, not to quit.
Intel got drawn into a CPU speed battle years back. Security was not a priority.

This is very hard to fix because Intel CPUs are running an entire Minix OS inside the CPU, independent of whether you run Windows, Linux or macOS. The only good news is it is incredibly hard to exploit at the moment. But really all the "fixes" are workarounds. In the end the real fix will be a new CPU.

BTW I've got no problem with Google in this. I think they've behaved responsibly... they uncovered the vulnerability, gave Intel and others an embargoed notice period - presumably hoping something would be done. It is quite common in the sector to give companies a few months to find a fix before going public.
