- #Spectre meltdown apple software#
- #Spectre meltdown apple code#
- #Spectre meltdown apple mac#
- #Spectre meltdown apple windows#
The other exploitation techniques are known collectively as Spectre (sometimes spelled Specter).
#Spectre meltdown apple code#
Successful exploitation could allow an attacker's code running in a user-privileged app to read kernel (superuser-privileged) memory.Īpple said that its own analysis suggested that the Meltdown exploitation technique "has the most potential to be exploited" as compared with the Spectre exploitation techniques. It may also be referred to as the "rogue data cache load" technique, or CVE-2017-5754. Meltdown is the nickname for one of two major categories of exploits at this time. CVE stands for Common Vulnerabilities and Exposures, and CVE numbers are used for the purpose of tracking the same bug across multiple vendors and media outlets, as bugs tend to be described in many different ways and may have various nicknames. You may also see references to "CVE" numbers associated with these bugs. There's also a not-safe-for-work nickname that was reportedly conceived by the Linux kernel team: F***WIT (which stands for "Forcefully Unmap Complete Kernel With Interrupt Trampolines"). When the story broke, it was at first being discussed online under the name KPTI in reference to Kernel Page-table Isolation (formerly called KAISER), a feature of the Linux kernel that mitigates the Meltdown vulnerability. " Meltdown" and " Spectre" are the main names that have caught on in association with this bug each of these are unique and will be described further in their own sections below. Perhaps the broadest term for the vulnerabilities in question would be "speculative execution vulnerabilities." What do all these names mean?Ī vulnerability may be known by many names.
The end result of leveraging Meltdown and Spectre could include leaks of sensitive data such as passwords and credit card information, among other things. Speculative execution is a processing feature that enables computing devices to run faster by predicting what will happen next in an app, and preemptively working toward multiple possible outcomes all at once. "Meltdown" and "Spectre" are nicknames for techniques that can enable an attacker to access computer memory that shouldn't be accessible this is accomplished by abusing a technology called "speculative execution." (At least, that was the plan until "python sweetness" and The Register brought the issue out of obscurity and into the public spotlight.)
#Spectre meltdown apple software#
It turns out that Intel and a handful of software development giants, among them Apple, Microsoft, and the Linux kernel developers, have known about the design flaw since at least November 2017 and have been working behind the scenes to prepare for a coordinated public disclosure and remediation of the issue.
#Spectre meltdown apple windows#
Macs, along with the vast majority of the world's Windows and Linux PCs, use Intel processors.Īs more information came to light in the subsequent days, it became clear that more than just Intel CPUs are affected there are also implications for other processor architectures, including AMD processors as well as ARM-based processors like those found in Apple's iPhones and iPads. The Register published an article the following day that emphasized the design flaw with regard to Intel processors, and from there snowballed into a worldwide discussion about a serious flaw in Intel CPUs that had major security implications. On Monday, January 1, 2018, a developer blog, called "python sweetness," brought to light an issue in which "there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve." Never fear, that's why we're here! It's a complex problem, but we'll break it down and share the main tidbits about these vulnerabilities you need to know as a user of Apple products. You've probably heard something about " Meltdown" and " Spectre," perhaps even in the mainstream media, and you likely heard that it has something to do with an Intel security flaw.īut do you know how it affects your Apple devices-your Mac, iPhone, iPad, iPod touch, Apple Watch, or Apple TV-and what actions you may need to take to stay safe?
#Spectre meltdown apple mac#
Posted in the Intego Mac Security Blog on January 8th, 2018 by Joshua Long
0 kommentar(er)
