Mardi, 23 Octobre 2018
Latest news
Main » Massive security flaw detected in recent generations of CPUs

Massive security flaw detected in recent generations of CPUs

13 Janvier 2018

The relatively easy-to-implement exploit could give malicious apps a pathway to a device's kernel memory data.

Security researchers had disclosed two security flaws exposing vulnerability of almost every modern computing device containing chips from Intel, Advanced Micro Devices and ARM Holdings. This means that apart from PCs, Spectre is present in smartphones as well. This general goal technique is already live on the "entire fleet of Google Linux production servers that support all of our products, including Search, Gmail, YouTube, and Google Cloud Platform". Microsoft and Linux Foundation are working on patches to fix the vulnerabilities while Apple has yet to make a statement on the matter.

The security flaws are located in each computer's brain, known as the central processing unit or CPU.

The company said the patch will remedy 90% of the chips it has released in the last five years, making them immune to the problem.

While Intel has been plagued with the Meltdown bug, the Spectre flaw is more widespread and could prove to be incredible hard to fix.

Two hardware bugs can be exploited to allow the memory content of a computer to be leaked.

On servers such as those run by Google Cloud Services, Amazon Web Services or Microsoft Azure for corporate customers, hackers can even steal data from multiple customers.

Though the sale raises insider trading concerns, the Securities and Exchange Commission has not publicly said if it will investigate Krzanich.

"Businesses and consumers should update operating systems and apply patches as soon as they become available". The ARM design is also used in Apple's mobile chips. Mike Ybarra, Xbox platform lead, tweeted that the security architecture of Xbox already includes mitigation against Meltdown and Spectre vulnerabilities.

It advised only getting apps from its online App Store which vets programs for safety, and said it has already released some "mitigations" to protect against the exploit and planned to release a defensive update for Safari on macOS and iOS in the coming days. But AMD also told its customers that "total protection from all possible attacks remains an elusive goal" and encouraged them to regularly update their software.

Android users can accept the automatic security updates provided by device makers and reboot the devices. We'll update the article once more information is available. Those using Chrome browser will receive an update on January 23.

"As we typically do when a potential security issue is identified, AMD has been working across our ecosystem to evaluate and respond to the speculative execution attack identified by a security research team to ensure our users are protected".

Massive security flaw detected in recent generations of CPUs