Wednesday, January 10, 2018

Apple Says All iPhones, Macs Exposed To "Meltdown", "Spectre" Flaws


(Tyler DurdenAll Mac iOS devices and systems are exposed and vulnerable to the recently discovered chip bugs known as Spectre and Meltdown, Apple confirmed on Thursday. The flaws, which as we discussed before, allow hackers unauthorized access to a computer’s memory and sensitive data, were discovered by security researchers at Google Project Zero on Wednesday. Security vulnerabilities called Meltdown and Spectre affect almost all modern CPUs, including those produced by Intel, AMD and ARM Holdings.



Related Apple Admits They Deliberately Slow Down Older iPhones As Software Updates Roll Out

Source - ZeroHedge

by Tyler Durden, January 5th, 2018

“All Mac systems and iOS devices are affected,” Apple acknowledged in a statement on Thursday, adding that no cases had yet been reported of customers being affected by the security flaws.

To address these security vulnerabilities, Apple users may have noticed a suspiciously timed software update released earlier this week for their iPads, MacBooks and iPhones – an update that appeared to precede news about the latest controversy involving makers of microprocessors. Intel, one of the world’s largest chipmakers, admitted that its chips contain a flaw making it easier for hackers to hoover up sensitive information like the owner’s passwords. It was later revealed that this flaw wasn’t exclusive to Intel’s chips: Indeed, it reportedly affects nearly all microprocessors in circulation, according to the New York Times.




Here’s a succinct explanation of the problems that we published earlier this week:

4. We're dealing with two serious threats. The first is isolated to #IntelChips, has been dubbed Meltdown, and affects virtually all Intel microprocessors. The patch, called KAISER, will slow performance speeds of processors by as much as 30 percent.

5. The second issue is a fundamental flaw in processor design approach, dubbed Spectre, which is more difficult to exploit, but affects virtually ALL PROCESSORS ON THE MARKET (Note here: Intel stock went down today but Spectre affects AMD and ARM too), and has NO FIX.

Users may have been wary after reading last month about Apple admitting what was long suspected by many loyal customers: That the company intentionally engineers software updates to slow down older products, thereby hastening the cycle of planned obsolescence that has helped establish Apple as the world’s most valuable company.

But as it turns out, the software update was designed to try and plug some of the security holes resulting from Intel’s Meltdown flaw.


Specifically, Apple issued updates for the iOS 11.2, macOS 10.13.2 and tvOS 11.2 systems to protect against Meltdown, which the company believes “has the most potential to be exploited.”

According to Bloomberg, despite concern that fixes may slow down devices, Apple said its update to address the Meltdown issue haven’t dented performance. The company will release an update to its Safari web browser in coming days to defend against the Spectre flaw described above.

As noted, while Macs and iOS devices are vulnerable to Spectre attacks through code that can run in web browsers, Apple said it would issue a patch to its Safari web browser for those devices "in the coming days." However, Apple said these steps could slow the speed of the browser by less than 2.5%.

The updates affected all iPads, iPhones, iPod touches, Mac desktops and laptops, and the Apple TV set-top-box. The Apple Watch, which runs a derivative of the iPhone’s operating system is not affected, according to the company.


Browser makers Google, Microsoft Corp and Mozilla Corp’s Firefox all told Reuters that the patches they currently have in place do not protect iOS users. With Safari and virtually all other popular browsers not patched, hundreds of millions of iPhone and iPad users may have no secure means of browsing the web until Apple issues its patch.

Still, some customers were angry at tight-lipped Apple PR’s reticence on the issue following the revelations about the chip flaws earlier this week.

Ben Johnson, co-founder and chief strategist for cyber security firm Carbon Black, said the delay in updating customers about whether Apple’s devices are at risk could affect Apple’s drive to get more business customers to adopt its hardware.

“Something this severe gets the attention of all the employees and executives at a company, and when they go asking the IT and security people about it and security doesn’t have an answer for iPhones and iPads, it just doesn’t give a whole lot of confidence,” Johnson said.

Finally, Apple stressed that there were no known instances of hackers taking advantage of the flaw to date. For Apple's sake this better remain the case or else sellside analysts may just have to lower their iPhone sales forecasts for the foreseeable future.

_________________________
Stillness in the Storm Editor's note: Did you find a spelling error or grammar mistake? Do you think this article needs a correction or update? Or do you just have some feedback? Send us an email at sitsshow@gmail.com with the error, headline and urlThank you for reading.
_______
Source:
________________________________________________________________
Question -- What is the goal of this website? Why do we share different sources of information that sometimes conflicts or might even be considered disinformation? 
Answer -- The primary goal of Stillness in the Storm is to help all people become better truth-seekers in a real-time boots-on-the-ground fashion. This is for the purpose of learning to think critically, discovering the truth from within—not just believing things blindly because it came from an "authority" or credible source. Instead of telling you what the truth is, we share information from many sources so that you can discern it for yourself. We focus on teaching you the tools to become your own authority on the truth, gaining self-mastery, sovereignty, and freedom in the process. We want each of you to become your own leaders and masters of personal discernment, and as such, all information should be vetted, analyzed and discerned at a personal level. We also encourage you to discuss your thoughts in the comments section of this site to engage in a group discernment process. 

"It is the mark of an educated mind to be able to entertain a thought without accepting it." – Aristotle

The opinions expressed in this article do not necessarily reflect the views of Stillness in the Storm, the authors who contribute to it, or those who follow it. 

View and Share our Images
Curious about Stillness in the Storm? 
See our About this blog - Contact Us page.

If it was not for the gallant support of readers, we could not devote so much energy into continuing this blog. We greatly appreciate any support you provide!

We hope you benefit from this not-for-profit site 

It takes hours of work every day to maintain, write, edit, research, illustrate and publish this blog. We have been greatly empowered by our search for the truth, and the work of other researchers. We hope our efforts 
to give back, with this website, helps others in gaining 
knowledge, liberation and empowerment.

"There are only two mistakes one can make along the road to truth; 
not going all the way, and not starting." — Buddha

If you find our work of value, consider making a Contribution.
This website is supported by readers like you. 

[Click on Image below to Contribute]


Support Stillness in the Storm