8/25/2023 0 Comments Spectre meltdown appleIt also began working with hardware and software manufacturers to help protect their users and the web. “These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them,” the blog continued.Īs soon as Google learned of the attack, it said it updated its systems and affected products. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine. For example, they could use the bug to read passwords, encryption keys or private data in applications. Project Zero researcher Jann Horn showed that hackers could take advantage of this flaw to read system memory that should be out of bounds. “This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.” Meltdown and Spectre: What are they?Ī security blog post from Google researchers explains that its Project Zero team found serious security flaws in Intel, AMD and ARM chips caused by “ speculative execution” – a technique used by most modern processors (CPUs) to optimise performance – last year. “Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns,” Segura added. The company added its own software protected against the malware immediately. He added the company contacted Comodo and CloudFlare to report the dodgy download and immediately, they stopped the malware from operating. bid domain, including one that is a German template for a fake Adobe Flash Player update,” researcher Jerome Segura wrote in a blog post. “The Subject Alternative Name field within the abused SSL certificate shows other properties associated with the. The download is called Intel-AMD-SecurityPatch-10-1-v1.exe – a filename that looks pretty legitimate, but when users install it onto their computer, they’ll find it’s actually laced with the Smoke Loader malware, causing the computer to connect to domains, sending encrypted information to them via additional payloads. How to stop over 400 sites logging everything you type: A complete list of every site using session replay scripts The website offers advice about the vulnerabilities and then a download link with a zip file attached. The malware-infested patch was discovered by security firm MalwareBytes, which reported it found a particularly nasty variation on a German spoof site, sicherheit-informationstechnik.bid. This malware, known as Smoke Loader, looks to be an official patch but will actually let malware loose on your computer, posing potentially a greater threat than the original Meltdown and Spectre vulnerabilities. Somebody is pushing complete garbage for unclear reasons.”Īnd while manufacturers attempt to plug the holes, hackers have been working on fake patches, riddled with malware and distributed via dubious websites claiming to be supported by security authorities. In a post on to the Linux kernel mailing list, Torvalds described Intel’s patches as “complete and utter garbage,” adding “Somebody isn’t telling the truth here. None of these criticisms, however, have been quite as brutal as those more recently made by Linux founder Linus Torvalds. READ NEXT: Apple sued for deliberately slowing down older iPhones “We expect some may have a larger impact than others, so we’ll continue working with the industry to minimise the impact on those workloads over time.” “We believe the performance impact of these updates is highly workload dependent,” Krzanich said.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |