Viernes, 20 Julio, 2018

Meltdown and Spectre security vulnerabilities: All you need to know

Intel processor Major security flaws put virtually all phones & computers at risk
Eleena Tovar | 13 Enero, 2018, 15:46

Intel says that it's already sending out fixes for the massive "Meltdown" and "Spectre" security bugs, with 90% of recent processors getting the patch by the end of next week.

Apple confirmed that Spectre and Meltdown affects its Mac and iOS devices.

While CERT/CC has withdrawn its recommendation to replace processors, US-CERT - a related group that operates officially under the auspices of the Department of Homeland Security - has yet to update its own bulletin, issued earlier on Thursday. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants.

Meltdown, Spectre chip level flaw: Intel says it is rapidly issuing updates for all computers, servers powered by its processors. The major concern going around was that in order to fix this, OS makers would have to change how Windows, macOS and Linux manage the kernel, which would lead to a performance reduction. Intel believes these exploits do not have the potential to corrupt, modify or delete data. "I think it will affect the way that processors are designed". The vast majority of the world's cloud computing happens on Intel chips, including data centres run by Google, Microsoft and Amazon. And Intel said the flaws would have no material impact on the company's business or technology.

To improve performance, most processors try to guess what the computer program is going to do in the future. While this may seem to be the case for Meltdown, Spectre is a more widespread and deep-rooted flaw and there is no fix for it as of now.

"Intel will continue to work with its partners and others to address these issues, and Intel appreciates their support and assistance", the release added.

This time, though, Chipzilla and its chums claim to have made significant progress in deploying updates as both software patches and firmware updates. The company already faces multiple lawsuits, including one filed Thursday by Portland lawyer Michael Fuller.

Make sure your device is up-to-date and officially supported.

"As it is not easy to fix, it will haunt us for quite some time", the official Meltdown/Spectre FAQ says.

Microsoft, Apple and Google have addressed the critical security bug with the December or January Update. With that in mind, we can probably expect a few more updates on this going forward.

"You can never reduce risk down to zero, you can only mitigate it and there are trade-offs", he added.

Intel has bore the brunt of the initial fallout because at first it was reported that only its chips were affected.

Will the patch for Meltdown and Spectre slowdown my device?

"We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts", wrote Ben Treynor Sloss, Google Engineering Vice President, in a blog post.