Posted on 01/08/2018 12:45:49 PM PST by Swordmaker
A series of flaws have been discovered in Intel, AMD, and ARM chipsets that allow speculative references to be probed for privileged data.
"Meltdown" is a flaw currently believed to affect only Intel processors and "melts security boundaries which are normally enforced by the hardware". "Spectre" is a flaw that affects Intel, AMD, and ARM processors due to the way "speculative execution" is handled.
Both could theoretically be used to read information from a computer's memory, including private information like passwords, photos, messages, and more.
Apple has apparently already started patching Meltdown in macOS. Here's what you need to know.
(READ THE FAQ at the source. Lots of information of interest and value there, including for non-Apple intel computers and AMD computers, and other ARM devices.Swordmaker)
(Excerpt) Read more at imore.com ...
Current versions of iOS and tvOS patch against Meltdown.
For iOS, that means devices now patched include:
For tvOS, that means devices now patched include:
Previous versions of Apple TV didn't run full apps (only TV Markup Language apps made in partnership with Apple) so it's unclear if they face any risk from Meltdown or Spectre.
Patches for Safari to address Meltdown and Spectre are still forthcoming.
(These patches will mitigate against Meltdown and Spectre while you are computing only if you update your Macs to macOS HighSierra 10.13.2 and your iOS devices to iOS 11.2, and tvOS 11.2. Swordmaker)
Pinging ShadowAce, ThunderSleeps, and dayglored for their ping lists.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
This guy has 2 other videos on this https://www.youtube.com/watch?v=STQukPXWkTI&t=306s
Thanks! Very helpful information. You did your good deed today. What are you going to for us tomorrow? ;-)
Sounds like Apple is on top of this.
Haven’t heard from MS or the Mfrs..................
and "Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques."
That's basically what I've been saying. Very similar side channel attacks have been know for about 2 years and there are no effective exploits in the wild. A similar side channel attack on DRAM using javascript was demo'd in 2014 and nobody was able to use it in the wild.
bump
Microsoft is patching but the patch is Bricking computers running older Athlon cpus
Microsoft, except for their Surface offerings, only can do operating system patches rather than hardware patching. They are working with the hardware OEMs (Intel, AMD) to provide comprehensive software patching, but understand this is only within the OS, not the chipset or cpu.
And it isn’t bricked as long as you create a system restore point, which is the default in Windows 7 and up. So IF the restore points are not turned off, they system should be recoverable.
Now if hardware patching is being directly applied to the mainboard (CMOS or BIOS upgrade/update), that would be another story, and outside of the Microsoft update realm.
That might tend to piss some users off................
The only patching you’ll get anyway is software , Intel said get stuffed
It bricks Windows 10 and 7 not the bios ,good reason to move to Linux
I would hope that MS has a un-do for the ‘patch’..................
All you need to do is boot up from the install DVD or USB stick, and then apply the recovery snapshot from the OS.
When you boot up to recovery from the install media, it is actually running Windows PE on a RAMDisk, so the original hard drives and OS are exposed for operations to recover, like finding the restore point snap shot and reapplying it to the operating system.
It would be like a new install with your data restored from the time you took the snap shot, minus the patch that caused the bricking.
What I see in this:
Your actual PC isn’t a concern. When someone learns to exploit this, it will be _the of the world as we know it_.
All military systems, all power generation. If you can get a password, then it’s been controlled. So the people who figure out how to exploit would be stupid to surf a computer looking for banking information. They could control the world.
The next 10 years will be interesting. This will loom over us for more than a decade.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.