Horrific Security Flaw Affects Decade of Intel Processors

www.popularmechanics.com ^ | 03 January 2018 | By Eric Limer

[Bob434]

my question is- being computer illiterate nearly- what exactly would the hackers be getting off a typical Internet and email user’s computers that is so valuable? All i basically do is Internet browsing and email with only a very few contacts really- it’s not like there is a whole slew of ‘valuable personal info’ on the computer

[matthew fuller]

WOO-HOO, AMD Phenom II!

[Swordmaker]

A similar exploit has been found in AMD processors.
https://www.windowscentral.com/all-modern-processors-impacted-new-meltdown-and-spectre-exploits

I'd use the term "vulnerability" instead of "exploit" because no exploit has actually been demonstrated for either "Meltdown" or "Spectrum."

[Swordmaker]

Does that apply to all supported versions, or only High Sierra? I.e. Has Apple rolled out fixes for older versions, -or- will older versions get a fix in the future, -or- does this force us all to upgrade?

I got sidetracked when I was posting the ping. It's only macOS 10.13.2 and later at this Time. Hopefully, they will patch earlier versions with a minor upgrade to just fix this.

[Swordmaker]

And it seems, according to the wording, that the “physical” stuff only applies to the AMD and ARM chips.

You've pretty much got it. . . a properly crafted app can force something into the look-ahead process to run something malicious.

[Swordmaker]

my question is- being computer illiterate nearly- what exactly would the hackers be getting off a typical Internet and email user’s computers that is so valuable? All I basically do is Internet browsing and email with only a very few contacts really- it’s not like there is a whole slew of ‘valuable personal info’ on the computer

Passwords, credit cards you may use, SSN. etc.

[Prov1322]

I smell a lawsuit...

Absolutely...and I already know the outcome...

Lawyers receive hundreds of millions in fees.

End user plaintiffs will receive coupons for 10% off next purchase.

[WayneS]

That sounds about right.

[PreciousLiberty]

Does this also affect the latest Coffee Lake processors?

[Red Badger]

You may be thinking of the flaw from last year..............

[Red Badger]

That I do not know..............

[Red Badger]

It came on at the speed of light!............

[Red Badger]

This is hardware, not software. MS is innocent.............this time.....................

[Red Badger]

Mine was a speed demon.....10 MHz!.................whooo-hoooo!.................

[Red Badger]

This may answer your question:

from FReeper swordmaker’s post #64:

Mitigations by Linux code-base maintainers are underway, as are changes by Microsoft to protect Windows users. In response to a query, Microsoft told AppleInsider that they had no comment on a timetable of a release to fix the security flaw at this time, but kernel memory handling was altered by the company in Windows 10 beta builds in the end of 2017.

[Red Badger]

Or North Korea or Iran or Russia or............

[Red Badger]

That’s what I was thinking, but the old aphorism is, “”Never attribute to malice that which is adequately explained by stupidity.” .........................

[Red Badger]

https://www.reuters.com/article/us-cyber-intel/security-flaws-put-virtually-all-phones-computers-at-risk-idUSKBN1ES1BO

[Red Badger]

https://www.reuters.com/article/us-cyber-intel/security-flaws-put-virtually-all-phones-computers-at-risk-idUSKBN1ES1BO

[Red Badger]

https://www.windowscentral.com/all-modern-processors-impacted-new-meltdown-and-spectre-exploits