Major hardware flaws make computers, smartphones a security risk

Adjust Comment Print

Apple says that this update can slow the browser, but by no more than 2.5%.

It was only a matter of time before we started naming security vulnerabilities after James Bond movies.

In a statement Thursday, Arm said that the majority of its processors are not affected by Spectre or Meltdown but confirmed that it has been working with Intel, AMD and other partners to develop defenses against the vulnerabilities.

A collaboration of researchers from Google's Project Zero team, the Graz University of Technology in Vienna, the University of Pennsylvania, the University of Adelaide in Australia and various security companies released the full details of two attacks - called Meltdown and Spectre - that exploit flaws inherent to modern CPUs in order to steal sensitive data from memory.

Android software released this week includes mitigations. One of the flaws were said to be unfixable by a simple software update.

It was reported just this week that all Intel chips produced over the last decade feature a design flaw that could put all Windows, Linux and macOS kernels at risk by essentially allowing commonly used programs to read or discern the contents and layout of a computer's protected kernel memory areas.

So that's the bad news, but there's also some good news in this story. But the incident is likely to spur cloud companies to press Intel for lower prices on chips in future talks, said Kim Forrest, senior equity research analyst at Fort Pitt Capital Group in Pittsburgh, which owns shares in Intel. Happily, their contributions are being celebrated and appreciated even by Intel, despite the fact that none of the researchers work there. It said it planned to publicly disclose the problem next week. There is no evidence that hackers have taken advantage of the vulnerability - at least not yet.

North Korea And South Korea Officially Agree To Hold High-Level Talks
Trump tweeted , "I too have a Nuclear Button, but it is a much bigger & more powerful one than his, and my Button works!" Trump, who hurled fresh insults at the North Korean leader this week, took credit for any dialogue that takes place.

Researchers recently discovered these issues and unveiled the two-decade old flaws on Wednesday. But he said the company later threatened to bring a lawsuit against him under the Computer Fraud and Abuse Act.

The lawsuits were filed in California, Oregon and in, according The Guardian. Computer chips made by AMD, Qualcomm and ARM are also vulnerable to the security flaw.

Meltdown is a particular problem for the cloud computing services run by the likes of Amazon, Google, and Microsoft.

However, despite all of this work, Williams noted that with the Meltdown patches specifically, "the patch does not address the core vulnerability, it simply prevents practical exploitation".

The firm's Cloud VP, Ben Treynor Sloss, said the company's engineering teams have been working to protect customers from the flaw "across the entire suite of Google products" since a year ago, including Google Cloud Platform (GCP), G Suite applications, and the Google Chrome and Chrome OS products.

Most of the immediate fixes will be limited to the Meltdown bug. Far from being crisis, Meltdown was a success story of cloud computing-patches rolled out across a handful of huge companies effectively serve to protect the data of millions of customers worldwide.

"It is vital that users install any available patches without delay". But there are also happier stories underlying some of these discoveries and it's important not to lose sight of those.