In practice, reading 32 gigs of some random person's system memory over a 5 megabit DSL line or 15 megabit cable line (about average for high-speed internet locally) would be a really slow and ineffective way of hacking a system by reading the entire contents of memory.

Nobody will do that. You read memory locally and send back only interesting data. Or just use data locally too (for elevated privileges for example). Slow internet connection does not protect you.
 
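The point made in the reply above (read memory locally, ship only what is interesting) as an added example that is not code from the thread: a scanner that runs over a constructed 1 MiB "memory image" and returns only the secret-shaped fragments. The image, the planted secrets and the handful of patterns are all constructed for this example; the patterns are illustrative, not a complete catalogue of secret formats.

```python
"""Filter a memory image down to the bytes worth exfiltrating.

Added example, not code from the thread.  The memory image and the
planted secrets are constructed; the patterns are illustrative, not a
complete catalogue of secret formats.
"""
import math
import random
import re
from dataclasses import dataclass

# Well-known secret shapes (assumption: representative, not exhaustive).
PATTERNS = {
    "pem_private_key": re.compile(
        rb"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.S,
    ),
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
}

# Runs of token-ish printable bytes; scored by entropy before being kept.
TOKEN_RUN = re.compile(rb"[A-Za-z0-9+/=_\-]{32,}")


@dataclass
class Finding:
    kind: str
    offset: int
    data: bytes


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte.  Random keys score high; text and padding score low."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_memory(image: bytes, entropy_threshold: float = 4.5) -> list:
    """Return only the secret-shaped fragments of image, sorted by offset."""
    findings = []
    covered = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(image):
            findings.append(Finding(kind, m.start(), m.group(0)))
            covered.append((m.start(), m.end()))
    for m in TOKEN_RUN.finditer(image):
        if any(s <= m.start() < e for s, e in covered):
            continue  # already reported as part of a structured match
        if shannon_entropy(m.group(0)) >= entropy_threshold:
            findings.append(Finding("high_entropy_run", m.start(), m.group(0)))
    findings.sort(key=lambda f: f.offset)
    return findings


def build_sample_image(size: int = 1 << 20, seed: int = 7) -> bytes:
    """Constructed 1 MiB 'memory image': seeded noise plus three planted secrets."""
    rng = random.Random(seed)
    image = bytearray(rng.randbytes(size))
    planted = {
        0x10000: (b"\n-----BEGIN RSA PRIVATE KEY-----\n"
                  b"MIIEowIBAAKCAQEAfakefakefakefakefake\n"
                  b"-----END RSA PRIVATE KEY-----\n"),
        0x40000: b"\nAKIAIOSFODNN7EXAMPLE\n",  # AWS documentation example ID
        0x80000: b"\nsession=q7Ld9xP2vKfW4mRz8TbN1cYh6sJg3eAu0oQi5wXr\n",
    }
    for off, blob in planted.items():
        image[off:off + len(blob)] = blob
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    hits = scan_memory(img)
    shipped = sum(len(h.data) for h in hits)
    print(f"image: {len(img)} bytes, worth sending: {shipped} bytes")
    for h in hits:
        print(f"{h.offset:#08x} {h.kind}: {h.data[:40]!r}")
```

The output that would actually cross the network is a couple of hundred bytes out of a megabyte; scale that to 32 GB and the link speed in the first post stops mattering. The entropy gate is what keeps the token-run rule from flooding the result with ordinary text.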
Most of the public is not aware but far more severe vulnerabilities than this get patched every time there's a security update for macOS / Windows / iOS / Linux / Whatever. They just don't get as much publicity. That lack of publicity is a good thing, as misunderstanding the nature of zero-day vulnerabilities could lead to panic.
I agree, and when people whine about a lack of "changelogs", or very minimal ones, they act annoyed. Well, one reason why they don't disclose too many details is that it can give away vague details about an exploit that the vendor (Apple, MS, etc.) found internally or was notified about privately, and since many don't update or wait to update, it could leave them open to the exploit in case someone figures out what is 'broken' based on the changelog info.
 
Technically "Apple CPUs" are not made by Apple. They are ARM chips designed by TSMC and Samsung and are affected by both Meltdown and Spectre.

no, they are not designed by TSMC and Samsung. TSMC and Samsung are handed a GDSII or OpenAccess database that says "draw a polygon at these coordinates on polysilicon. Now draw a polygon at these coordinates on M1." Neither TSMC nor Samsung likely has any idea how the circuits on the A-series processors even work.
 
The question looming here is, will those MacOS patches be backported to Sierra down to Mavericks, or even if supported, Mountain Lion? We already know that previous versions of iOS and tvOS are not going to have this patch, so they're stuck.. but what of MacOS?

BL.


Yes they were. Refer to newly disclosed bugs fixed in December security patch here: https://support.apple.com/en-gb/HT208331
 
no, they are not designed by TSMC and Samsung. TSMC and Samsung are handed a GDSII or OpenAccess database that says "draw a polygon at these coordinates on polysilicon. Now draw a polygon at these coordinates on M1." Neither TSMC nor Samsung likely has any idea how the circuits on the A-series processors even work.
Then they are still designed by TSMC and Samsung. I believe Samsung and TSMC know more than you give them credit for.
 
Then they are still designed by TSMC and Samsung. I believe Samsung and TSMC know more than you give them credit for.
What are you talking about? How are they "designed" by TSMC and Samsung when all TSMC and Samsung do is build it exactly the way Apple tells them to? Apple determines how many transistors to use, the size and shape of each, and the size and shape of each layer of metal that connects them together, and provides a layer by layer blueprint that is plugged into the machinery at the fab and used directly by those machines to produce the chip. If I draw blueprints for a house and hand it to a building contractor, the building contractor didn't "design" the house. If I provide a file to a computerized machining tool telling it exactly where to remove metal from a machined part, the machine didn't "design" the part.

And you are wrong - I've taped out dozens of CPUs to fabs, and I know exactly what information is provided to the fab. How many have you taped out?
 
What about older Apple iDevices that are no longer receiving updates? Are they now totally obsolete due to this vulnerability?
 
Is this a realistic threat for iPhone users who don't jailbreak and stick to the App Store?
Just curious.
 
What are you talking about? How are they "designed" by TSMC and Samsung when all TSMC and Samsung do is build it exactly the way Apple tells them to? Apple determines how many transistors to use, the size and shape of each, and the size and shape of each layer of metal that connects them together, and provides a layer by layer blueprint that is plugged into the machinery at the fab and used directly by those machines to produce the chip. If I draw blueprints for a house and hand it to a building contractor, the building contractor didn't "design" the house. If I provide a file to a computerized machining tool telling it exactly where to remove metal from a machined part, the machine didn't "design" the part.

And you are wrong - I've taped out dozens of CPUs to fabs, and I know exactly what information is provided to the fab. How many have you taped out?

They are constructed by TSMC and Samsung, therefore TSMC and Samsung do know, to some extent, what they are doing and are not completely blind to the process.
 
They are constructed by TSMC and Samsung, therefore TSMC and Samsung do know, to some extent, what they are doing and are not completely blind to the process.
They are handed a file with literally billions and billions of polygons in it. That's what they know. That's all they know. They don't know the purpose of any of these polygons unless they spend considerable effort reverse engineering it, inferring a netlist, trying to determine the purpose of each wire, etc. That would cost them millions of dollars of effort. Perhaps they do it, but it seems unlikely and is probably forbidden by the contract they have with Apple (reverse engineering is forbidden by standard contracts).
 
"Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6."



In the December 2017 updates for all three supported operating systems, it seems like Meltdown has already been fixed for Sierra and El Cap too, but the CVE numbers are different, which is why people (including me) are still confused, because the descriptions of the fixed errors in Sierra and El Cap read like Meltdown. So it's a little unclear what's going on.

https://support.apple.com/en-us/HT208331
-----
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6

Impact: An application may be able to read kernel memory

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology

Entry added January 4, 2018
-----

Not sure why Apple doesn't mention support for 12 and 11...
 
I bet Apple created Spectre and Meltdown to force people into upgrading iOS to slow down their phones to force people to upgrade.

Ho, Ho, Ho, Classic Apple.

Just kidding everyone. Conspiracy theories are fun narratives, aren't they? :D
 
It's kind of funny how some news sources are making this issue sound like a Mac/iOS-only problem. Once you read past the clickbait headline the facts become clearer.

I'm actually going to call you out on this. Show me a link to one of these news sources whose headline or byline states it's an Apple-ecosystem-only issue. [Note: Using 9To5Mac or Macworld shouldn't count, since their audience is exclusively driven by that ecosystem.] I mean an Ars Technica, CNET.
 
Note that, per the link Juli posted as an update today, Apple has explicitly stated that all three of the actively maintained OS versions (El Capitan, Sierra, and High Sierra) have received the same mitigations against Meltdown.
 
Note that, per the link Juli posted as an update today, Apple has explicitly stated that all three of the actively maintained OS versions (El Capitan, Sierra, and High Sierra) have received the same mitigations against Meltdown.
Apple just edited the document today to correct that. Only 10.13.2 fixes Meltdown.
Available for: macOS High Sierra 10.13.1

Impact: An application may be able to read kernel memory

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology

Entry updated January 5, 2018
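The confusion in the two posts above comes down to what the "Available for:" line of one entry in HT208331 said on January 4 versus January 5. As an added example, not Apple's tooling or anything from the thread, here is a small parser for that entry layout that answers "does this CVE's fix list my OS version?" and diffs the two versions of the entry. The two entry texts are the ones quoted on this page; the parser assumes the HT208331 layout (an "Available for:" line, then "Impact:", "Description:", one or more CVE lines and an "Entry added/updated" note).

```python
"""Parse Apple security-content entries and compare 'Available for' lines.

Added example, not Apple's tooling.  JAN4_ENTRY and JAN5_ENTRY are the
CVE-2017-5754 text as quoted in the thread before and after Apple's
January 5, 2018 edit.  Assumes the HT208331 entry layout.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

JAN4_ENTRY = """\
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6

Impact: An application may be able to read kernel memory

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology

Entry added January 4, 2018
"""

JAN5_ENTRY = """\
Available for: macOS High Sierra 10.13.1

Impact: An application may be able to read kernel memory

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology

Entry updated January 5, 2018
"""


@dataclass
class Entry:
    platforms: List[str]
    impact: str
    cves: List[str]
    note: Optional[Tuple[str, str]]  # ("added" | "updated", date) if present


def split_entries(text: str) -> List[str]:
    """Each entry in the document starts at an 'Available for:' line."""
    starts = [m.start() for m in re.finditer(r"^Available for:", text, re.M)]
    return [text[s:e] for s, e in zip(starts, starts[1:] + [len(text)])]


def parse_entry(chunk: str) -> Entry:
    avail = re.search(r"^Available for:\s*(.+)$", chunk, re.M).group(1)
    impact = re.search(r"^Impact:\s*(.+)$", chunk, re.M)
    cves = re.findall(r"^(CVE-\d{4}-\d{4,}):", chunk, re.M)
    note = re.search(r"^Entry (added|updated) (.+)$", chunk, re.M)
    return Entry(
        platforms=[p.strip() for p in avail.split(",")],
        impact=impact.group(1).strip() if impact else "",
        cves=cves,
        note=(note.group(1), note.group(2).strip()) if note else None,
    )


def parse_security_content(text: str) -> List[Entry]:
    return [parse_entry(c) for c in split_entries(text)]


def covers(entries: List[Entry], cve: str, platform: str) -> bool:
    """True if some entry crediting cve lists platform under 'Available for'."""
    return any(cve in e.cves and platform in e.platforms for e in entries)


def platforms_dropped(old: List[Entry], new: List[Entry], cve: str) -> Set[str]:
    """Platforms a CVE was listed for in old but is no longer listed for in new."""
    def listed(entries: List[Entry]) -> Set[str]:
        return {p for e in entries if cve in e.cves for p in e.platforms}
    return listed(old) - listed(new)


if __name__ == "__main__":
    old = parse_security_content(JAN4_ENTRY)
    new = parse_security_content(JAN5_ENTRY)
    for platform in ("macOS High Sierra 10.13.1", "macOS Sierra 10.12.6",
                     "OS X El Capitan 10.11.6"):
        print(f"{platform}: Jan 4 {covers(old, 'CVE-2017-5754', platform)}, "
              f"Jan 5 {covers(new, 'CVE-2017-5754', platform)}")
    print("dropped:", sorted(platforms_dropped(old, new, "CVE-2017-5754")))
```

Matching on the exact platform string is deliberate: Apple's "Available for" lists name a specific point release (10.12.6, not "Sierra"), and a machine on an older point release is not covered even when the family name matches.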
 
I'm actually going to call you out on this. Show me a link to one of these news sources whose headline or byline states it's an Apple-ecosystem-only issue. [Note: Using 9To5Mac or Macworld shouldn't count, since their audience is exclusively driven by that ecosystem.] I mean an Ars Technica, CNET.

http://money.cnn.com/2018/01/04/technology/business/apple-macs-ios-spectre-meltdown/index.html

The headline specifically calls out Mac OS and iOS only. Granted CNN is quoting Apple, but it should have mentioned something about the other OSs.
 
Apple just edited the document today to correct that. Only 10.13.2 fixes Meltdown.

Oh good grief - they made that new change within the past hour! (I was the one who sent that link to Juli - sorry, Juli!)

Of course a lot of this wasn't supposed to be out officially yet, so people are scrambling. I'm still assuming the other two OSes will be getting the patch, because to do otherwise would fundamentally change how Apple has managed OS X / macOS security.
 
https://support.apple.com/en-us/HT208331
-----
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6

Impact: An application may be able to read kernel memory

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology

Entry added January 4, 2018
-----

Not sure why Apple doesn't mention support for 12 and 11...
They seem to have changed their mind about the older OSes now
 
https://support.apple.com/en-us/HT208331
-----
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6

Impact: An application may be able to read kernel memory

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology

Entry added January 4, 2018
-----

Not sure why Apple doesn't mention support for 12 and 11...


Huh ... that's very odd - it didn't show up for me late yesterday when the other poster mentioned seeing it! I even did a "Find" for the CVE number and nothing came up. Thanks!

I wonder why the fix wasn't added to the older OSes? (They edited again to take them out)
 