Warning: session_start(): open(/tmp/sess_jlktd61t0dfnhgal3sius4k172, O_RDWR) failed: Disk quota exceeded (122) in /home/buysella/public_html/wp-content/themes/boombox/includes/rate-and-vote-restrictions/vote/class-boombox-vote-restriction.php on line 193

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/buysella/public_html/wp-content/themes/boombox/includes/rate-and-vote-restrictions/vote/class-boombox-vote-restriction.php:193) in /home/buysella/public_html/wp-content/themes/boombox/includes/rate-and-vote-restrictions/vote/class-boombox-vote-restriction.php on line 193

Warning: session_write_close(): open(/tmp/sess_jlktd61t0dfnhgal3sius4k172, O_RDWR) failed: Disk quota exceeded (122) in /home/buysella/public_html/wp-content/themes/boombox/includes/rate-and-vote-restrictions/vote/class-boombox-vote-restriction.php on line 196

Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in /home/buysella/public_html/wp-content/themes/boombox/includes/rate-and-vote-restrictions/vote/class-boombox-vote-restriction.php on line 196
Google, Microsoft find another Spectre, Meltdown flaw – CNET – Viral Trends

Google, Microsoft find another Spectre, Meltdown flaw – CNET



Researchers discover a fourth variant of the Spectre and Meltdown flaws found in hundreds of millions of chips.


Thomas Samson / AFP/Getty Images

Intel and Microsoft on Monday disclosed a newly found variant of the Spectre and Meltdown security flaws, revealing another vulnerability in chips used in hundreds of millions of computers and mobile devices. 

Intel is calling the new strain “Variant 4.” While this latest variant taps into many of the same security vulnerabilities that were first revealed in January, it uses a different method to extract sensitive information, according to the company.

Spectre and Meltdown have continued to haunt companies like Intel, Arm and AMD, which have produced chips with the flaws for everything from computers and laptops to mobile devices. The vulnerabilities, which could allow attackers to read sensitive information on your CPU, affected hundreds of millions of chips from the last two decades. While companies like Intel, Apple and Microsoft have issued updates to patch the flaws, the fixes haven’t always worked as intended, sometimes causing computer problems.

Hackers often scour online for vulnerabilities that’ll allow them to carry out attacks. The WannaCry ransomware attack, for example, took advantage of Windows computers whose owners never implemented a Microsoft patch.

But even after Intel and other companies fixed the first strain, researchers expected new variations of the original vulnerability to pop up. In January, Arm CEO Simon Segars predicted that a flaw like Spectre would most likely happen again. Monday’s advisory is the latest example of companies facing the ongoing security issue.

Intel is classifying Variant 4 as a medium risk because many of the exploits it uses in web browsers were fixed in the original set of patches, according to a blog post from the company. The newly found variant uses something called “Speculative Store Bypass,” which could allow your processor to load sensitive data to potentially insecure spaces.

In the US-CERT’s advisory, officials said the new flaw would allow attackers to read older memory values on your CPU.

The company said it hasn’t seen this vulnerability used by hackers, and that it’s releasing a complete fix for the flaws over the coming weeks. Intel’s executive vice president of security, Leslie Culbertson, said in a post that Intel has already made the update available for manufacturers and software vendors. 

While she said Intel doesn’t expect the patch to affect computer performance, she acknowledged that performance on the company’s test systems dropped between 2 to 8 percent. The fix is designed to be off by default, according to Intel, and it’ll be up to vendors to enable it.

In a security advisory published by Microsoft, the company said it was possible for a potential attacker to leverage JavaScript in browsers to carry out the attacks.

Researchers from Google’s Project Zero, who discovered the first set of vulnerabilities, first reported the issue to Intel, AMD and Arm in February. The team also classified it as a medium severity risk. 

In a white paper from Arm, the company said the majority of its processors were not affected by the new variant.

“It is important to note that this method is dependent on malware running locally,” Arm said in a post.

An AMD security advisory also warned users to keep their systems updated and said Microsoft was wrapping up testing for an AMD-specific fix.

First published May 21 at 2:49 p.m. PT.
Update at 2:11 p.m.:
 Adds more details on the newly announced flaw; at 2:48 p.m.: Adds details from Microsoft and Google on Variant 4; at 3 p.m.: Adds comments from Arm and AMD; at 3:22 p.m.: Adds details on performance issues.

‘Hello, humans’: Google’s Duplex could make Assistant the most lifelike AI yet.

Cambridge Analytica: Everything you need to know about Facebook’s data mining scandal.



Source link

Your reaction?
Cute Cute
0
Cute
Fail Fail
0
Fail
Geeky Geeky
0
Geeky
Lol Lol
0
Lol
Love Love
0
Love
Omg Omg
0
Omg
Win Win
0
Win
Wtf Wtf
0
Wtf

Leave a Reply

Your email address will not be published. Required fields are marked *

log in

reset password

Back to
log in