Serious security flaws 'Spectre' and 'Meltdown' haunting Intel, AMD and ARM chips

Compartir

Meltdown and Spectre, two recently disclosed security flaws, affect chipsets from leading semiconductor manufacturers including Intel, AMD and mobile chip design ARM.

Apple says that currently there are no known exploits that are impacting users at this time.

In a web page dedicated to the vulnerability, security researchers said Meltdown and Spectre may "get hold of secrets stored in the memory of other running programs".

"In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services", the company said."In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services", the company said.

Apple said Thursday all Mac computers, iPhones and iPads are at risk, but it insisted the flaws had affected none of its customers.

If you use a computer, smartphone, tablet, smart TV or any other computing device, you're almost definitely affected, and there's no real way to detect if someone's trying to crack into your device, system or cloud account.

In the District of Oregon, a lawsuit has been filed by Wyatt Mann complaining that Intel for months has been aware of a defect in its chips that could be exploited by hackers. It exploits an architectural technique known as "speculative execution" which is a key feature of things such as look-ahead instructions and data, which significantly improves computer performance.

What you should do about it?

Prevén temperaturas bajas y lluvias fuertes en el país
Posibilidad de nieve granulada, aguanieve o lluvia engelante, durante la noche: norte y centro de Coahuila, Nuevo León y Tamaulipas.

The announcement set off a round of alarm among members of the information security community about the potentially all-encompassing nature of the flaws. "We sat for hours in disbelief until we eliminated any possibility that this result was wrong", said Gruss. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Some computers and phones already have these installed.

Nonetheless, the company is planning to make software and operating system updates available that will resolve the issue with negligible performance impact.

They do not allow takeover or modification of machines and operating systems, so it is not a traditional malware actor.

As companies started to make changes to their software to allow them to implement the patches, security researchers noticed something was going on. But in the fourth quarter of last year, CEO Brian Krzanich sold nearly 900,000 shares, halving his stake in the company, according to Bloomberg.

Software that could be used to expose that data includes Javascript routines that are commonly run on computers simply as a result of visiting websites. Intel says it was notified about the bugs in June.

Mo Jia, a Shanghai-based analyst with industry consultancy Canalys, said Android-based Chinese smartphones are mostly affected by Spectre, a security flaw that is more difficult for hackers to exploit but is also more challenging to fix.

"Intel has a tool you can use to check if your system is vulnerable to the bugs", Kaspersky Lab's GReAT Senior Security Researcher, Ido Naor, advised.

Compartir