Author Topic: Major Intel, Arm chip security flaw puts your PCs, phones at risk  (Read 333 times)

Offline Hardhead

  • Administrator
  • Hero Member
  • *****
  • Posts: 667
    • View Profile
Quote
A newly discovered exploit in most modern processors could make your computer or phone vulnerable to attacks. But chipmakers say they've got fixes ready to go.

Several researchers, including a member of Google's Project Zero team, found that a design technique used in chips from Intel, Arm and others could allow hackers to access data from the memory on your device. The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications.

The flaws, known by the names Spectre and Meltdown, aren't unique to one particular chipmaker or device. Instead, they impact everything from phones to PCs and servers.

"It's not really one vendor's problem," Steve Smith, head of Intel's data center engineering operations, said during a conference call Wednesday. "It's not an issue with our product. It's not an issue with someone else's product." It's a general design issue that impacts most modern chips, he said.


https://www.cnet.com/news/chips-exploit-meltdown-spectre-security-flaws-afflict-arm-phones-and-intel-pcs/

Quote
AMD, Intel's chief rival in supplying processors for computers and data centers, said the exploit has little impact on its processors. One possible exploit could be resolved with software and operating system updates with "negligible performance impact," AMD said, while the other two don't affect AMD chips because of differences in its architecture.

"The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants," the company said in a statement. "Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."

Apple has already released there update to version iOS 11.2.2 and Mac OS which I installed January 8th.

https://9to5mac.com/2018/01/08/ios-11-2-2-security-update/



Offline Hardhead

  • Administrator
  • Hero Member
  • *****
  • Posts: 667
    • View Profile
Re: Major Intel, Arm chip security flaw puts your PCs, phones at risk
« Reply #3 on: January 22, 2018, 07:17:29 am »
Here's a list of all vendors affected.
I do know that Apple has updated there firmware when they updated ISO to 11.2.2

http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

Microsoft is also updated but there are other issues as described in my previous post about Intel.
http://www.kb.cert.org/vuls/id/CHEU-AQNMYP




Offline Triple Helix

  • Troll Hunter
  • Administrator
  • Sr. Member
  • *****
  • Posts: 315
  • Fortis Fortuna Adiuvat
    • View Profile
    • Webroot Community Supporter
Re: Major Intel, Arm chip security flaw puts your PCs, phones at risk
« Reply #4 on: January 22, 2018, 05:41:24 pm »
Intel has communicated a potential issue with the microcode included in these BIOS updates for the Intel 4th generation (Haswell) and Intel 5th generation (Broadwell) processors listed below. This issue is currently under investigation by Intel and we will provide further updates as available. Refer to Intel’s Security Issue Update: Addressing Reboot Issues, for more information.

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/
Microsoft® Windows Insider MVP - Windows Security
Webroot SecureAnywhere Complete & VoodooShield Pro

Offline Hardhead

  • Administrator
  • Hero Member
  • *****
  • Posts: 667
    • View Profile
Re: Major Intel, Arm chip security flaw puts your PCs, phones at risk
« Reply #5 on: January 23, 2018, 04:41:12 am »
Quote
Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners
 
January 22, 2018
By Navin Shenoy

As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.

Based on this, we are updating our guidance for customers and partners:

We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.
We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.
I apologize for any disruption this change in guidance may cause. The security of our products is critical for Intel, our customers and partners, and for me, personally. I assure you we are working around the clock to ensure we are addressing these issues.

I will keep you updated as we learn more and thank you for your patience.

https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/