Domingo, 24 Marcha 2019
Ultimas noticias
Casa » Security flaws put virtually all phones, computers at risk

Security flaws put virtually all phones, computers at risk

07 Enero 2018

Intel, ARM, and AMD are dealing with a significant security flaw that affects all sorts of computers including smartphones, laptops, and desktops, as well as cloud servers.

FLINT DUXFIELD: While experts say it's unlikely the vulnerabilities have been used by hackers, Dr Yarom admits that's something we can't know for sure.

It also reported that the updates to fix the problems could causes Intel chips to operate 5 percent to 30 percent more slowly.

FLINT DUXFIELD: The flaw, Mr Gruss found, which has been simultaneously been discovered by two other research teams around the world, has been dubbed 'Meltdown'. However, it would be wrong to consider either a bug or a design flaw, because they used the features behind the vulnerabilities to enhance performance.

Meltdown is based on support for memory sharing between the kernel and an application.

Researchers at Google Zero found that some extremely subtle timing differences in how a processor was executing instructions could provide insight into memory.

While many computer vulnerabilities occur through software, these two flaws exist in the hardware themselves.

There are three potential pathways for malware to gain system access. Some computers and phones already have these installed.

Microsoft has already released updates for Windows 10 that protect against both vulnerabilities. In an announcement from ARM, there are a mix of iOS devices affected too, but mostly older iPhones and iPads.

Browser developers are already starting to send out updates. Google has said it will update the Chrome browser soon. But is that really the case?

Lenovo made it easy. Then it will ask you when it's OK to install them. On Wednesday, it said it was in the process of implementing fixes. First, the company has divided itself into two parts, HP and HPE (Hewlett Packard Enterprise). Some of the firmware downloads available on HP's business computer site haven't been updated for years. Meanwhile, Microsoft Edge and Mozilla Firefox have been updated to increase the time it takes to execute certain Java commands, which should mitigate the issue, according to a Mozilla blog post.

To counter it, Google developed a binary modification technique called Retpoline that protects against the second variant (named Spectre) of the attack.

You should note that not every computer with every processor is going to receive updates immediately. ARM Holdings said it's working with Intel, AMD and operating system vendors to address the problem.