Table of contents:
- Which processors are at risk
- What attacks are possible
- How to fix a vulnerability on a PC
- What's with smartphones
- When the vulnerability is completely fixed
- What users should do
2024 Author: Malcolm Clapton | [email protected]. Last modified: 2023-12-17 03:44
The problem affects almost all chips released since 1995.
Yesterday, Western media began to shake the news that virtually all Intel processors released over the past 20 years are subject to a serious vulnerability. Using it, attackers can gain access to all logins and passwords, cached files and any other personal data of users.
Which processors are at risk
Intel representatives officially confirmed the threat, noting that other manufacturers are also vulnerable. Researchers from Google Project Zero agree with this opinion. ARM said the Cortex-A processors used in smartphones may be at risk, but accurate risk assessment takes longer. AMD also acknowledged the danger of the situation, but at the same time declared about "almost zero risk" for their processors.
What attacks are possible
The vulnerability conditionally allows for two types of attacks, which are named Meltdown and Specter.
Meltdown mostly concerns only Intel chips and breaks the isolation between programs and the operating system kernel, due to which it is possible to access all the data stored by the OS.
Specter, on the other hand, allows local applications to access the contents of the virtual memory of other programs.
How to fix a vulnerability on a PC
It is quite possible to cope with Meltdown programmatically, that is, at the expense of the so-called patches that will prohibit applications from using the internal memory of the system. However, after such an update, the overall work of the computer can be slowed down by 5-30%.
Microsoft has already released a corresponding update for Windows 10, and on January 9, similar patches for other versions of Windows are expected to be released. Necessary updates for Linux are also coming out from the beginning of December. In macOS 10.13.2, released last month, part of the Meltdown vulnerability has already been closed, but the whole problem will probably only be solved with the next update.
Google is also actively working on fixing the problem, admitting that Chrome is also susceptible to the attack. Prior to the release of a browser update, users are encouraged to manually enable site isolation from each other.
What's with smartphones
As for mobile devices, there is also a risk of attacks, but on most gadgets the vulnerability is difficult to reproduce. And yet, the latest security patches from Google have already been released for the Nexus 5X, Nexus 6P, Pixel C, Pixel / XL and Pixel 2 / XL.
Other smartphone makers have received the patch as well. But at what speed it will be sent to gadgets is unknown.
When the vulnerability is completely fixed
If the Meltdown situation with software updates dies down, then the Specter is much more complicated. There are no ready-made software solutions at the moment. According to preliminary data, in order to completely protect against attacks of this type, it may be necessary to change the processor architecture itself. In other words, patches won't help here. The problem will be solved only in the next generation chips.
What users should do
The only sure way to solve the problem for PC and smartphone users is to promptly install all available updates for the operating system and software. Do not delay downloading available updates and do not forget to reboot your device after updating.
Recommended:
How to save all passwords from Chrome and transfer them to a third-party manager
Now passwords in Chrome can be saved as an Excel file and then easily imported into another third-party application
How Stan Lee has influenced you and all of modern culture
Yesterday, 95-year-old Stan Lee died - the face of Marvel, the creator of Spider-Man and the Hulk, a man whose appearance on the screen has always caused delight
AnonTab for Chrome, Firefox and Opera opens tabs in a safe environment
AnonTab downloads unknown and potentially dangerous links in an isolated tab. The extension is launched through the context menu of popular browsers
Apple releases MacBook Pro with new keyboard and Core i9 processors
Refreshed computers have improved keyboards with less loud key clicks, as well as fresh hardware. Apple has quietly refreshed its line of laptops, including both the 13-inch and 15-inch models. The third generation of Apple's signature Butterfly keyboard fixes many of the issues experienced by the latest generation of MacBook Pro owners.
Jawbone UP3 and UP Move - the most advanced and most budgetary fitness trackers of the company
Jawbone gadgets are intended to fill the high-end and low-end segments of the UP line and are named Move and UP3