After Meltdown and Specter, discovered a vulnerability that affects iPhone, iPad and Mac -


Post Top Ad

Post Top Ad

Wednesday, 23 May 2018

After Meltdown and Specter, discovered a vulnerability that affects iPhone, iPad and Mac

Earlier in the year we told you that two vulnerabilities had been discovered that would affect Intel processors , that is, the bulk of domestic computer equipment , including many of the iPhone, iPad and Mac models .

With the release of the iOS 11.2.2 update, Apple protected its entire ecosystem from the Spectrum vulnerability , but yesterday a new threat loomed over the horizon .

Its name is Variant 4, also known as Speculative Store Bypass, and it works similarly to Specter, taking advantage of CPU operations to enable hackers to gain access to sensitive information , as we read in the official Intel blog.

The Specter and Meltdown family of vulnerabilities affects all modern processors of Intel, ARM and AMD , but since the beginning of the year, Intel is more careful in its design, especially considering its privileged position in the market.

What is Variant 4?
In Intel they provide technical data about Variant 4:

CVE-2018-3639 - Speculative Store Bypass (SSB), also known as Variant 4 .

Systems with microprocessors employ speculative executions. This speculative memory execution reads before writing, which allows unauthorized access to information with local access.

According to Intel, this new vulnerability has a moderate risk , basically because most of the exploits it uses have already been detected in the latest updates, thanks in large part to the Meltdown and Specter vulnerabilities.

This variant of Spectrum would constitute a security breach that could potentially affect millions of computers and mobile devices from different manufacturers , including Apple.

How can I protect my iPhone and iPad against Variant 4?
When dealing with vulnerabilities that affect the hardware, these vulnerabilities, rather than eliminated, are mitigated , but the Intel chips of the future will not be so vulnerable. According to the manufacturer, the next generation of processors - Cascade Lake - and the eighth generation of Intel Core, will be redesigned to be fully protected.

However, Intel will release a patch imminently that will prevent Variant 4 from being exploited in other ways to gain access to information by the attackers.

The patches to mitigate the risk of Variant 4 have already been released in beta form and distributed by both hardware manufacturers and software developers. However, Intel allows manufacturers and developers to implement additional security measures of their own . In a matter of very little time, this solution will be integrated by default, so that we can activate it.

As it happened with the previous patch, there are always certain fears that these measures reduce the performance of processors . In the previous scandal, a rumor even came to suggest that the processor power of the iPhone was down by 40% , something that was quickly denied. According to Macrumors , no significant impacts on performance have been detected, as much as 2 to 8% in some teams.

Although iOS and Mac devices could be affected by these vulnerabilities, Apple has always been quick to release patches , so it is expected that in a few hours Apple will publish a new update iOS and macOS.

No comments:

Post a Comment

Post Top Ad