Meltdown, Specter bugs: Apple iPhones, ipad, Macs at risk

Friday, 05 Jan, 2018

What you should do about it?

Fortunately software patches do exist to prevent it from happening. And keep your apps updated, most notably your browser, and, as always, beware of phishing emails that can give hackers access to your machine.

Google Chromebooks self update.

In fact, Mac devices have always believed to be less vulnerable to viruses and security issues as compared to Android of Microsoft operating systems. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus. But patches are coming fast and furious.

Microsoft has released a rare, out-of-band emergency patch for Windows 10 users. After updating Windows and checking for a firmware update, you should run a scan using your AV app to check for any malicious software on your system.

If this wasn't enough proof that Apple devices are safe from the flaw, take a look at this tweet from software developer Alex Ionescu, who says his studies of macOS code show Apple introduced a fix for the CPU flaw in the release of macOS 10.13.2, and there are additional tweaks set to be introduced in macOS 10.13.3, which is now in beta testing. The upgrades come via auto updates. The statement further adds that the company will release mitigations in Safari to help defend against Spectre. Gmail users do not need to take any additional action to protect themselves, but users of its Chromebooks, Chrome web browser and users of Google Cloud services who have installed their own operating systems will need to install updates.

Amazon Web Services (AWS) also said it was made aware of the research around the bug previous year, referring to it as a "side-channel analysis of speculative execution on modern computer processors [namely] CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754".

According to the BBC, Meltdown affects laptops, desktop computers and internet servers with Intel chips.

Such a wide-scale attack has not been seen for some time, so ITProPortal asked the technology industry for its views on the issue. Spectre is more complex and allows attackers to read information from other running programs.

The Spectre of a tech Meltdown the likes of which has always been the topic of choice for apocalyptic movies depicting an end of the world sort of scenario might well be real after all. A countermeasure against another side channel attack was published over the summer and titled KAISER.

What's the problem that makes this possible?

AMD chips are also affected by at least one security flaw.

Intel on Wednesday confirmed a report stating that its semiconductors contain a vulnerability based around a chip-processing technique called speculative execution. You can also check by going to Settings System About and scrolling down to the Windows specifications section. It is also more hard for attackers to exploit compared to Meltdown. Any device older than Intel's Skylake chips is likely to face the heat more than the rest.

Meltdown does not affect the Apple Watch, it said, as the bug was an issue with Intel processors which are not contained in that device. This includes things like passwords and cryptographic keys as well as information needed to more effectively exploit other vulnerabilities.

The flaws were discovered over the last several months independently by several teams, including Google's Project Zero security team, researchers at Graz University of Technology in Austria, the University of Adelaide in Australia and the universities of Pennsylvania and Maryland, along with researchers at security firms Cyberus Technology, Rambus and Data61.

Once the hardware is available for companies to replace the problematic chips, it will be costly. This created buzz in the broader computer security community.

Why do we only know now?

The lead cloud provider, Amazon, also said on Thursday that it did not expect performance to be severely impacted.

But the race is now on, says Tony Cole, vice president of global government and critical infrastructure with computer security company FireEye.

How can I be sure I'm protected?

"It's being worked on as we speak".