While we were sleeping Apple dropped an update for iOS users that addresses Spectre – the two vulnerabilities that make it possible for items in kernel memory to be available to user processes. Although there aren’t any known exploits for this, and the related Meltdown vulnerability, in the wild the update is an important one for all iOS users.
Apple has published a response on what they’ve done to counter the Spectre and Meltdown vulnerabilities, which are detailed at Google’s Project Zero security blog.
There’s been a widespread expectation that dealing with these vulnerabilities will result in significant hits to system performance. Cisco has suggested that end-to-end encryption of all data is a big part of the solution but that’s going to take some substantial application redevelopment and a likely hit on performance, at least until Moore’s Law covers the potential performance deficit.
With the three vulnerabilities that form the Spectre and Meltdown vulnerability families having been around for a long time, it’s possible that some exploits have been in development. That’s why it’s important to suck up any potential performance hits and update systems against the vulnerabilities.
Microsoft has also released an update for Windows but beware if you’re running a system using an AMD processor. There are reports the Microsoft fix (Security Update for Windows KB4056892) bricks some AMD systems.
Leave a Reply
You must be logged in to post a comment.