Amazon, Google and now Apple... as the list of digital giants hit by the "Spectre" and "Meltdown" computer security flaws grows longer, the race is on to limit the damage.
"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," Apple -- whose devices are usually regarded as secure -- said in a post on an online support page on Thursday.
Amost all microprocessors produced over the past 10 years by Intel, AMD and ARM are affected. No PC or mobile device can function without the miniature components that are effectively nerve centres for executing computer programmes and apps.
And that is what distinguishes them from previous security alerts that have tended to involve software rather than hardware.
In theory, Spectre and Meltdown could enable a user to "access kernel level memory access, exposing critical information that would be stored there, like system passwords," said Chris Morales, head of security analytics at Vectra.
Luke Wagner, a software engineer at Mozilla, wrote on a security blog that it was "possible to use similar techniques from web content to read private information".
Effectively, all electronic devices manufactured all around the world in recent years contain potentially vulnerable chips.
The biggest names in the sector, including Amazon, Google, Microsoft and Mozilla, are now rushing out updates and patches to eliminate the flaw.
US giant Intel, as well as its rivals AMD and ARM, have started installing updates.
In a statement on Thurday, Intel said it and its partners "have made significant progress in deploying updates" to mitigate any threats.
"Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years," an Intel statement said.
"In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services."
Apple, for its part, advised only getting apps from its online App Store which vets programmes for safety, and said it has already released some "mitigations" to protect against the exploit and planned to release a defensive update for Safari on macOS and iOS in the coming days.
Difficult to exploit?
But some experts believe that the only real "fix" in some cases would be replacing the chip itself, which would be a huge issue for the computing industry.
That said, the experts concede that hacking the chips would require a very high level of technical expertise and the risks were therefore limited.
The US Computer Emergency Readiness Team (CERT) said that it was "not aware of any active exploitation at this time."
In Germany, the BSI Federal Office for Information Security, similarly found no evidence of any "active exploitation" of the flaw, but still sector players to protect themselves "as quickly as possible."
In addition to the security flaw, Intel found itself in hot water Friday over the announcement that its chief executive had sold some of his shares in the company.
According to the specialist magazine Solutions Numeriques, Intel was aware of the existence of the security flaw in its chips at the end of November. But in the fourth quarter of last year, CEO Brian Krzanich sold nearly 900,000 shares, halving his stake in the company, according to Bloomberg.
A company spokesman told Bloomberg that the sale had nothing to do with the issue of the security flaw, insisting that Krzanich had exercised options according to a pre-set timetable agreed long before.
11/23/2018 09:31:56 pm
It's about time for tech firms and government to make several ways on how we can prevent online hacking, fraud and other dangers we are dealing with online. No matter how organized the system could be, there will always be security flaws, and that is something that we want to resolve right now! I have been a victim of online fraud since my ATM card was hacked! Good thing because my bank knew that it happened and the helped me get back my money.
10/5/2021 03:19:50 pm
Hunting for a sink can be overwhelming, confusing, and frustrating. The Sink Reviewer is here to guide you with buying tips, ratings, and reviews. Let’s find the perfect sink for you.
10/6/2021 05:59:53 am
Our goal is to make trampoline buying process easier, safer, and more enjoyable for everyone through skill-based tutorials, detailed guides, and in-depth reviews.
11/10/2021 11:45:00 am
At plosworkshop.com, we are a team of projector-savvy, hardcore gamers with a huge gathered experience in all kinds of projectors available.
12/5/2021 05:36:57 am
The popular way that promises to help you retrieve deleted Instagram messages is the so-called recovery with Facebook. This method claims it will get your Instagram messages from your connected Facebook account’s inbox.
12/16/2021 02:57:29 am
Do you want to know How To Make Popcorn in a Commercial Popcorn Machine? Well, That’s not that difficult. Let’s see how to do it in this post
2/15/2022 06:36:25 am
A GPS watch for Everyday Use is for anyone who has a very active life. It combines the best sports functionalities with features that are useful on a daily basis. These include a contactless payment solution and notifications from your smartphone. When it comes to physical activity, the GPS watches for everyday use comes with 15 preloaded sports programs and various fitness indicators to help you keep track of your health and goals and to test various athletic activities.
what do you do if your fire system doesn't work? you don't want to be in the position where you need to leave your business premises unguarded and at risk of fire. If you are caught out with your system breaking down, then you will need to act quickly to make sure that your premises are kept safe and that your insurance will continue to cover you.
Leave a Reply.
Owner of Byteback Computers, LLC