Apple Inc will release a patch for the Safari web browser on its iPhones, iPads and Macs within days, it said on Thursday, after major chipmakers disclosed flaws that leave almost every modern computing device vulnerable to hackers.
SingCert's advisory follows the release on Wednesday by global researchers of the full details of these two critical flaws in modern computer chips.
Google says that not all CPUs are vulnerable to the Meltdown and Spectre flaws, but if the result will look like this, with lots of red-colored text, then you're CPU and OS are vulnerable to these attacks. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information. Bearing in mind the number of chips with the flaw, the chances that your computer has a vulnerability are very high.
Alphabet's Google Zero Team in collaboration with academic and industry researchers from different countries have uprooted two security flaws, Reuters point out. Unfortunately, not all risks can be mitigated with software patches, and even they are able to, it would come in the cost of reduced system performance. "It is still too early to tell how many devices or which particular models will be affected most as the security issues were only discovered days ago", Jia said. These steps could slow the speed of the browser by less than 2.5%, Apple said in a statement posted on its website.
However, there are now no known attacks that have exploited these flaws, according to the Google researchers.
Microsoft has already pushed out a patch for Windows 10 and other Windows versions will be updated on Tuesday, January 9. The researchers said Apple and Microsoft had patches ready for desktop computers affected by Meltdown. Apple did not release a statement, but researchers have found evidence of patches in macOS and iOS. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time".More news: LG 88-inch 8K OLED TV is ready for CES 2018
With Meltdown, any vulnerable processor and unpatched operating system can be attacked, allowing the memory to be accessed and sensitive information released.
However, he said the pros of installing the patches outweigh the cons. AMD chips are also affected by at least one security flaw.
Google said its Android phones - which make up more than 80% of the global market - were protected if users had the latest security updates.
Google has published a list of all its devices and software that might need updates and what users have to do to install them, though many (like Chromebooks) will self install.
The flaws were first reported by tech publication The Register. As soon as hackers create code to use this new flaw, security software will help flag and possibly stop them. "Exploits for these bugs will be added to hacker's standard toolkits", said Guido.