Apple confirms computer chips flaws

Apple confirms computer chips flaws

It's the main brain that does most of the "thinking" in a digital device.

The flaws were uncovered in the code of CPUs the computers use.

Interestingly, Meltdown does not affect one device: The Apple Watch.

Dr Yuval Yarom from the University of Adelaide's School of Computer Science, and Data61, is part of an global team that has reported on security vulnerabilities in Intel processors made over the last two decades, which could affect computers, mobile phones and cloud servers.

The issue is serious enough that researchers have put together a website devoted to it. But Spectre is much more hard than Meltdown for hackers to exploit. They could fool you into downloading an app.

What happens with the Meltdown flaw?

Meltdown is an attack that accesses active system memory and can gain access to the kernel.

To reduce idle time, most modern chips speculate about future instructions while processing present ones, a process known as speculative execution. It's an analogous problem to vulnerabilities in the once-dominant Microsoft Windows operating system - or, in the agricultural world, to a disease affecting a widely used crop variety, like the preponderant but under-threat Cavendish banana. More on that in a moment.

What about the Spectre flaw? Similar to Meltdown, Spectre can steal information from one application and share it with another.

Initially, researchers thought there was no way to patch for Spectre.

New US ambassador to Netherlands grilled over 2015 comments
He said Hoekstra also was expected to visit various Dutch communities over the weekend, including Muslim communities. Moments later, he denied that he had called them fake news.

National Football League playoffs: Picks, odds for Titans vs. Patriots divisional game in Foxborough
Marcus Mariota completed a strike to Eric Decker with 6:06 remaining in the fourth quarter and the defense held to seal the win. They've had a good year and they've got a good team, so we're going to have to be at our best.

Space X to launch rocket carrying a vehicle to orbit Mars
The spokesman for the corporation said that the company isn't at liberty to comment on a classified mission. If additional reviews uncover any problems, she said, "we will report it immediately".

On Wednesday, researchers a of major security in the microprocessors at the heart of the world's computers for the past 15 to 20 years.

Technology companies are scrambling to fix serious security flaws affecting computer processors built by Intel and other chipmakers and found in numerous world's personal computers and smartphones.

If you own a computer or smartphone that uses an Intel, AMD or ARM processor, those devices are vulnerable to Spectre. The ARM design is also used in Apple's mobile chips.

Apple users haven't been spared in the great computer chip debacle.

Mozilla Firefox, meanwhile, shipped an update Thursday that includes fixes to jam Meltdown or Spectre exploits. It will release mitigations in Safari to defend against the Spectre bug "in the coming days", the release said.

It has now changed that advice to say users should "apply updates" to mitigate any attacks instead. Google will also ship an update to its Chrome browser in January to obstruct attempts to exploit these flaws.

Risks that Variant 1 would pose to the infrastructure underpinning Google Cloud are addressed by the multiple security controls that make up our layered "defence in depth" security posture. It won't be long before evildoers turn their attention to both of these flaws.

How do I update my software? The good news is that it can be fixed with a simple software patch for your system, and they are already in the works; in some cases, they are ready to go. This would be excellent excuse to finally upgrade your operating system or, if you can, get a whole new computer. They could be at risk permanently.

"We are now not aware of effective countermeasures that will eliminate the root cause of Spectre, short of hardware redesign", said Daniel Genkin, one of the authors of the Spectre research paper and postdoctoral fellow in computer science in the University of Pennsylvania and the University of Maryland, in the United States, in an email to The Register.

"Any patch they do is a kluge", he said. "The security research community is also a lot bigger than it was back in '95". They built a fence around their execution engines, and were satisfied with their security and privacy protection - until Google Project Zero researchers, and other experts, brought a ladder to the party and broke their security model. They didn't have the expertise to find these vulnerabilities.

Related Articles

  • IRS needs more money to implement the new tax law

    IRS needs more money to implement the new tax law

    They have ordered a review by the Government Accountability Office to determine whether the new tax guidelines are accurate. The IRS will release an online calculator by the end of February so taxpayers can ensure their paychecks are accurate.
    White House personal cell phone ban starts next week

    White House personal cell phone ban starts next week

    All employees electronics equipment must be issued by the White House Communications Agency, or else, the memo warned. A press secretary says tweets that seemed to contradict each other didn't contradict each other.
    First Look at Tom Hardy as Eddie Brock in Venom

    First Look at Tom Hardy as Eddie Brock in Venom

    I can promise you badass action, Venom's dark humor, and I can also promise you an absolutely stunning performance by Tom Hardy . Instead, this first official image is a look at Tom Hardy in reporter mode as Eddie Brock, pre-transformation.
  • Major Chip Flaws Confirmed as

    Major Chip Flaws Confirmed as "Meltdown" and "Spectre"

    Through the exploit, attackers may gain access to data, though they do not have the power to modify or delete them, Intel added. Exploiting this flaw , hackers could potentially read computer memory to access passwords and other information.
    Democrats warn U.S.  remains vulnerable to Russian election interference

    Democrats warn U.S. remains vulnerable to Russian election interference

    The report , titled "Putin's Asymmetric Assault on Democracy in Russian Federation and Europe: Implications for U.S. The report accuses Putin of leading two decades worth of election meddling across the globe. .
    'Camila' review: Camila Cabello's powerful solo debut

    'Camila' review: Camila Cabello's powerful solo debut

    She also stated that when she asked to help write lyrics for Fifth Harmony songs, she was rebuffed. Then the more I got into the year, it just was better.
  • Google Pay Launching as Google Consolidates Payment Options

    Google Pay Launching as Google Consolidates Payment Options

    Tez is translated to mean "fast" in Hindi, and comes with a digital wallet that will enable users in India to store currency. Google Pay is very much like Apple Pay, although obviously instead of using an Apple device you are on an Android device.
    YouTube cancels Logan Paul's advertisement deals following controversial video

    YouTube cancels Logan Paul's advertisement deals following controversial video

    A YouTube spokesman said: "In light of recent events, we have chose to remove Logan Paul's channels from Google Preferred ". Despite trying to make amends on more than one occasion, Logan Paul managed to become the comic book villain literally.
    Trump touts a poll that's awful  for him

    Trump touts a poll that's awful for him

    The survey was conducted January 5-9 among 1,106 voters and has a margin of error of 3.6 percentage points. Fifty-seven percent said he is not fit to serve as president, compared to 40 percent who say he is.
  • Skype is Testing New Private Conversations With End-to-End Encryption

    Skype is Testing New Private Conversations With End-to-End Encryption

    That changes today for Skype Insiders , who now have access to end-to-end encryption via the new Private Conversations feature. These private conversations can be used with audio calls and text chat, but can only be used on a single device at a time .
    National Football League  will investigate Raiders on Rooney Rule

    National Football League will investigate Raiders on Rooney Rule

    Asked what the Steelers should do this offseason, Bell said, "Value me". "And this time he didn't waver, either", Davis said. The rule requires teams to interview at least one minority candidate for head coach and general manager openings.
    Apple faces questions from senator over iPhone slowdown

    Apple faces questions from senator over iPhone slowdown

    Since Dec. 20, when Apple admitted to slowing down iPhones, the company has been under a steady worldwide barrage of criticism.