Google has great news about fixing the Meltdown and Spectre chip flaws

Ajustar Comentario Impresión

Meltdown allows a corrupted computer program to access the memory of other programs, apps or operating systems which are normally inaccessible, according to various researchers. The New York Times called Meltdown "a particular problem for the cloud computing services run by the likes of Amazon, Google and Microsoft" while The Verge said, "The CPU catastrophe will hit hardest in the cloud", but in fact cloud services have done more to protect themselves against the newfound flaws than most of the rest of us. Google's cloud infrastructure doesn't rely on any single technology to make it secure.

A related attack, which they call Spectre, is potentially wider reaching because it "breaks the isolation between different applications".

If the user chooses another action instead, liking turning on their phone's torch or pausing their music, the speculative execution is rolled back.

The biggest names in the sector, including Amazon, Google, Microsoft and Mozilla, are now rushing out updates and patches to eliminate the flaw. "Disabling JavaScript is unmanageable given its use by most web sites".

Meltdown, Spectre chip level flaw: Intel says it is rapidly issuing updates for all computers, servers powered by its processors.

Scale helps justify the massive investment needed to develop improved semiconductor technology and produce chips.

Google on Thursday explained that fixing the severe security issues that affect computers of all sizes out there, with special emphasis on Intel-powered devices, won't cause significant slowdowns. Unsurprisingly, these firms were quick to roll out patches for Meltdown and force customers to restart their systems.

"All G Suite applications have already been updated to prevent all known attack vectors".

The security patch that Microsoft released yesterday is just for Meltdown, and it also includes some specific fixes for Microsoft Edge and Internet Explorer 11. But Intel and Arm say both exploits can be patched with software updates from them and operating system makers over the coming days and weeks.

"We have some ideas on possible mitigations and provided some of those ideas to the processor vendors; however, we believe that the processor vendors are in a much better position than we are to design and evaluate mitigations, and we expect them to be the source of authoritative guidance", Horn said.

On top of this, the company has also produced a PowerShell script that checks whether your PC is vulnerable. Present in just about every processor shipped by the chipmaker since 1995, the flaw can be used to unravel some of the most critical security mechanisms used in operating system software. Both allow hackers to access system memory in a device which is normally unreachable, revealing passwords, encryption keys and cached files, which is why they're being treated so seriously. "The remaining ones will be completed in the next several hours, with associated instance maintenance notifications".

There's no complete software patch for Spectre right now, said Michael Daly, chief technology officer of cybersecurity and special missions at Raytheon, a defense company.

At the moment, there have been no reported uses of Meltdown or Spectre in the wild. Speculative execution improves speed by operating on multiple instructions at once-possibly in a different order than when they entered the CPU. Here are the practical steps you can take to ensure your passwords and sensitive data stays safe.

Intel says it is rapidly issuing updates for all computers, servers powered by its processors after researchers at Google Project Zero discovered two exploits named Meltdown and Spectre.

So, how long has the industry known about the vulnerability?

Intel last year said it would spend $7 billion on a U.S. factory, and it had already started building the facility years ago. An upcoming browser update, Chrome 64, will provide protections against the exploits when it's available Jan. 23.