Daily Mirror (Sri Lanka)

Tech firms rush out patches for ‘pervasive’ computer flaw

Amid a frantic rush to patch a computer security flaw, experts struggled Thursday to determine the impact of a newly discovered vulnerability which could affect billions of devices worldwide.

Cybersecurity researchers called for updates to be installed urgently on computer systems, a day after the release of details of the so-called Spectre and Meltdown vulnerabilities affecting the chips powering most modern PCs and many mobile devices.

Researchers on Wednesday published details of the flaw, which unlike many other vulnerabilities stems from the chip itself and how it safeguards private data stored on computers and networks.

The researchers at Google showed how a hacker could exploit the flaw to get passwords, encryption codes and more, even though there have been no reports of any attacks using the vulnerability.

“The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes,” said Mozilla researcher Luke Wagner in a blog post.

The revelations “attack the foundational modern computer building block capability that enforces protection of the (operating system),” said Steve Grobman, Chief Technology Officer at security firm McAfee.

“Businesses and consumers should update operating systems and apply patches as soon as they become available.”

Computer chipmaking giant Intel -- the focus of the first reports on the flaw -- said the company and its partners “have made significant progress in deploying updates” to mitigate any threats.

“Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” an Intel statement said.

“In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.”

But John Bambenek, a Fidelis security researcher who works with the SANS Internet Storm Center, warned that it may be too soon to know the extent of the problem.

“This bug is probably worth its name and logo considering the pervasive nature of the vulnerability,” Bambenek said in a blog post.

“Contrary to some initial reporting, this is NOT just an Intel bug, it affects AMD and ARM processors as well. These could even be used in cloud... environments to leak memory outside the running virtual machine.”

In a web page dedicated to the vulnerability, security researchers said Meltdown and Spectre may “get hold of secrets stored in the memory of other running programmes. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”

The two flaws “work on personal computers, mobile devices, and in the cloud,” the researchers said.
