![]() So, the bad news is, if you have an iPhone, iMac, iPad, or Macbook, you've very likely been affected by Spectre and Meltdown. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS. ![]() In the coming days we plan to release mitigations in Safari to help defend against Spectre. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. These issues apply to all modern processors and affect nearly all computing devices and operating systems. The company released the following statement: Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. On Thursday, Apple addressed the possibility that its products were affected by the security flaws on its support page. Specifically, Meltdown "breaks the most fundamental isolation between user applications and the operating system," according to researchers Spectre " breaks the isolation between different applications" and "allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets." The flaws create vulnerabilities that allow hackers to create programs that can steal any data being processed, which include passwords, photos, iMessages, emails, and basically any other otherwise hidden data that exists in running programs. The two bugs, which were revealed by researchers with Google's Project Zero and research institutions like Austria's Graz University of Technology on January 3, live inside your computer/phone/etc.'s processors, which are essentially your smart tech's brains. The good news is that, according to Apple, no customers have been affected yet, but, you know, stay tuned. basically everyone: Apple has announced that Meltdown and Spectre, two major flaws in computer chips that can make it easier for hackers to get their hands on your data, has affected all iPhones, iPads and Macs worldwide. ![]() Add in that 1 or their two attacks is via SMT, I think ASi is probably pretty safe from this.Bad news bears for folks with Apple products, i.e. I won't say this attack is impossible on Apple Silicon but as you say, it would be more difficult-probably much more difficult. That complexity isn't there in the M1 or any Arm RISC system. I was reading as much of the white paper as I could understand without doing further research and my conclusion is that even if the M1 is using a micro-op cache, the authors are using the x86 ISA complexity as a way of detecting micro-op cache hits and misses. This is also one of the main reasons M1 has such amazing single threaded performance since it isn’t limited by the decoder. The x86 ISA should die already. Micro-ops are fixed length and shouldn’t require much caching unlike Intel/AMD. ![]() The memory model of ARM makes these types of attacks more difficult. Since Apple's ARM SoC cores don't use SMT, it looks like they are safe from this. Someone with more knowledge of Arm CPU Architecture should chime in.Įdit: And apparently SMT (also known as hyper-threading) is involved. ![]() In general RISC CPUs have much simpler decoding so it is possible that micro-ops aren't cached at all or the cache structure is much simpler. The caching of micro-ops is the source of this vulnerability. I know that Apple's Arm CPUs use micro-ops but I don't know anything about if or how they are cached. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |