Security flaws put virtually all phones, computers at risk

Security flaws put virtually all phones, computers at risk”

"The potential liability is big for Intel", said Eric Johnson, dean of Vanderbilt University's Owen Graduate School of Management. The company provides an update engine that's included with its products-even old ones-that will find and download the files needed for the update.

Here's a look at what's affected, what's being done about it and whether you should worry.

Intel is at the center of the problem because it supplies the processors used in many of the world's PCs.

AMD is downplaying the effects of the processor flaws.

The difference here is in the design philosophy used by chip makers which favored speed gains over security in certain situations and will require rethinking future chip designs. Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn't have a roadmap to exploit the flaws. He warned that this should protect users for now, but the fact that malicious actors will continue to find ways to exploit the Meltdown and Spectre flaws "make it clear that CPU architecture decisions need to be rethought". "For most consumer devices, the impact may not be noticeable, however, the specific impact varies by hardware generation and implementation by the chip manufacturer", the company wrote. "This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system". A solution for Spectre likely doesn't exist as it's presumed that a new processor will have to be created to replace the problematic chips. ARM Holdings said it's working with Intel, AMD and operating system vendors to address the problem. Apple has said that it's MacOS and iOS devices are vulnerable and the company will be releasing updates soon, although an exact date is not available.

The bugs also affect cloud-computing services powering much of the internet. These services, offered by Amazon, Microsoft, Google, IBM and others, give smaller companies access to data centers, web hosting and other services they need to run their businesses. According to its benchmark tests, the patch has little or no measurable impact on the browser's performance, the company said. Government agencies and security experts said they knew of no cyber attacks that had exploited the vulnerabilities. "What (Intel's cloud customers) are going to say is, 'You wronged us, we hate you, but if we can get a discount, we'll still buy from you, '" Forrest said.

Advice from the U.S Computer Emergency Readiness Team's was grim.

That's not to say nothing can be done.

Consumers can mitigate the underlying vulnerability by making sure they patch up their operating systems with the latest software upgrades.

Microsoft has already released updates for Windows 10 that protect against both vulnerabilities. Mozilla says it's also implementing a short-term mitigation that disables some capabilities of its Firefox browser.

Сomo este

Más reciente