Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

'Meltdown' and 'Spectre' FAQ: What Mac and iOS users need to know about the Intel, AMD, and ARM flaw
iMore ^ | January 5, 2018 | By Rene Richie

Posted on 01/08/2018 12:45:49 PM PST by Swordmaker

A series of flaws have been discovered in Intel, AMD, and ARM chipsets that allow speculative references to be probed for privileged data.

"Meltdown" is a flaw currently believed to affect only Intel processors and "melts security boundaries which are normally enforced by the hardware". "Spectre" is a flaw that affects Intel, AMD, and ARM processors due to the way "speculative execution" is handled.

Both could theoretically be used to read information from a computer's memory, including private information like passwords, photos, messages, and more.

Apple has apparently already started patching Meltdown in macOS. Here's what you need to know.

(READ THE FAQ at the source. Lots of information of interest and value there, including for non-Apple intel computers and AMD computers, and other ARM devices.—Swordmaker)

(Excerpt) Read more at imore.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: amd; applepinglist; arm; intel; meltdown; spectre
Which versions of macOS / OS X have been patched against Meltdown and Spectre: macOS High Sierra: Patched against Meltdown in 10.13.2 That means software patches are now available for Macs going back to:

Current versions of iOS and tvOS patch against Meltdown.

For iOS, that means devices now patched include:

For tvOS, that means devices now patched include:

Previous versions of Apple TV didn't run full apps (only TV Markup Language apps made in partnership with Apple) so it's unclear if they face any risk from Meltdown or Spectre.

Patches for Safari to address Meltdown and Spectre are still forthcoming.

(These patches will mitigate against Meltdown and Spectre while you are computing only if you update your Macs to macOS HighSierra 10.13.2 and your iOS devices to iOS 11.2, and tvOS 11.2. — Swordmaker)

1 posted on 01/08/2018 12:45:49 PM PST by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: ShadowAce; ThunderSleeps; dayglored; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; ...
A pretty comprehensive FAQ and source of information—mostly for Mac and iOS device users which also includes information for other computer and device users—on the Meltdown and Spectre vulnerabilities. Seems to be comprehensive and lacking the hype other sources are heavy in. Well worth going through. — PING!


MeltDown and Spectre FAQ for Apple Users
But Also Good for Other Computer & Device Users
Ping!

Pinging ShadowAce, ThunderSleeps, and dayglored for their ping lists.

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

2 posted on 01/08/2018 12:52:37 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

This guy has 2 other videos on this https://www.youtube.com/watch?v=STQukPXWkTI&t=306s


3 posted on 01/08/2018 1:00:38 PM PST by butlerweave
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Thanks! Very helpful information. You did your good deed today. What are you going to for us tomorrow? ;-)


4 posted on 01/08/2018 1:08:49 PM PST by be-baw (still seeking...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker
Image and video hosting by TinyPic
5 posted on 01/08/2018 1:10:15 PM PST by b4its2late (A Liberal is a person who will give away everything he doesn't own.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Sounds like Apple is on top of this.

Haven’t heard from MS or the Mfrs..................


6 posted on 01/08/2018 1:13:11 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker
From the FAQ: "For home users on Intel-based computers, including Macs, Meltdown can only be exploited by code running on your machine. That means someone first needs to have physical access to your computer or has to trick you into installing malware through phishing or some other form of social engineering attack."

and "Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques."

That's basically what I've been saying. Very similar side channel attacks have been know for about 2 years and there are no effective exploits in the wild. A similar side channel attack on DRAM using javascript was demo'd in 2014 and nobody was able to use it in the wild.

7 posted on 01/08/2018 1:21:43 PM PST by palmer (...if we do not have strong families and strong values, then we will be weak and we will not survive)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

bump


8 posted on 01/08/2018 1:22:28 PM PST by Albion Wilde (Winning isn't as easy as I make it look. -- Donald J. Trump)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

Microsoft is patching but the patch is Bricking computers running older Athlon cpus


9 posted on 01/08/2018 1:38:04 PM PST by butlerweave
[ Post Reply | Private Reply | To 6 | View Replies]

To: butlerweave

Microsoft, except for their Surface offerings, only can do operating system patches rather than hardware patching. They are working with the hardware OEMs (Intel, AMD) to provide comprehensive software patching, but understand this is only within the OS, not the chipset or cpu.

And it isn’t bricked as long as you create a system restore point, which is the default in Windows 7 and up. So IF the restore points are not turned off, they system should be recoverable.

Now if hardware patching is being directly applied to the mainboard (CMOS or BIOS upgrade/update), that would be another story, and outside of the Microsoft update realm.


10 posted on 01/08/2018 2:00:28 PM PST by Alas Babylon! (Keep fighting the Left and their Fake News!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: butlerweave

That might tend to piss some users off................


11 posted on 01/08/2018 2:04:11 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Alas Babylon!

The only patching you’ll get anyway is software , Intel said get stuffed


12 posted on 01/08/2018 2:10:12 PM PST by butlerweave
[ Post Reply | Private Reply | To 10 | View Replies]

To: Red Badger

It bricks Windows 10 and 7 not the bios ,good reason to move to Linux


13 posted on 01/08/2018 2:11:33 PM PST by butlerweave
[ Post Reply | Private Reply | To 11 | View Replies]

To: butlerweave

I would hope that MS has a un-do for the ‘patch’..................


14 posted on 01/08/2018 2:16:44 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Red Badger

All you need to do is boot up from the install DVD or USB stick, and then apply the recovery snapshot from the OS.

When you boot up to recovery from the install media, it is actually running Windows PE on a RAMDisk, so the original hard drives and OS are exposed for operations to recover, like finding the restore point snap shot and reapplying it to the operating system.

It would be like a new install with your data restored from the time you took the snap shot, minus the patch that caused the bricking.


15 posted on 01/08/2018 2:22:51 PM PST by Alas Babylon! (Keep fighting the Left and their Fake News!)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Swordmaker

What I see in this:

Your actual PC isn’t a concern. When someone learns to exploit this, it will be _the of the world as we know it_.

All military systems, all power generation. If you can get a password, then it’s been controlled. So the people who figure out how to exploit would be stupid to surf a computer looking for banking information. They could control the world.

The next 10 years will be interesting. This will loom over us for more than a decade.


16 posted on 01/08/2018 2:52:53 PM PST by Celerity
[ Post Reply | Private Reply | To 2 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson