Intel announced that it started issuing updates to about 90% of its personal computer and server CPUs from the past five years or newer, through the makers of those devices. The bug affects nearly every computer, phone or other device made in the last 20 years, Find your bookmarks in your Independent Premium section, under my profile. And it is contained within just about every modern device. En quelque sorte, Meltdown fait «fondre» les protections entre les applications et le système d'exploitation. Create a commenting name to join the debate, There are no Independent Premium comments yet - be the first to add your thoughts, There are no comments yet - be the first to add your thoughts. A huge bug found in the fundamental architecture of computers could require them to be entirely re-designed. At the same time, according to Dell: "No 'real-world' exploits of these vulnerabilities [i.e., Meltdown and Spectre] have been reported to date [7 February 2018], though researchers have produced proof-of-concepts." Receive mail from us on behalf of our trusted partners or sponsors? D'après les chercheurs, Meltdown est plus facilement exploitable que Spectre. Quel est le meilleur home cinéma sans fil ? Spectre is harder for hackers to take advantage of but is also harder to fix and would be a bigger problem in the long term, according to Gruss. Spectre et Meltdown sont les surnoms donnés à deux failles majeures de sécurité. “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”. Both Intel and Google said they were planning to release details of the flaws on 9 January, when they said more fixes would be available, but that their hand had been forced after early reports led to Intel stock falling by 3.4% on Wednesday. Russia's deputy prime minister Dmitry Rogozin has previously shared videos of Fedor handling and shooting guns at a firing range with deadly accuracy. The new security flaw could allow attackers into the most sensitive parts of a computer, and the information contained in it. It could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory. Test results are useless to post as I stated before, no change. Future US, Inc. 11 West 42nd Street, 15th Floor, Thank you for signing up to Tom's Hardware. It's not just Intel machines. Meltdown is currently thought to primarily affect Intel processors manufactured since 1995, excluding the company’s Itanium server chips and Atom processors before 2013. Independent Premium Comments can be posted by members of our membership scheme, Independent Premium. Quelle est la meilleure montre connectée ? Want to find out how Stronghold Cyber Security can help you? Il peut s'agir d'identifiants de connexion (un pseudo associé à votre mot de passe) que vous auriez enregistrés dans votre navigateur Web, le contenu de certains emails ou documents, etc. Ces bugs concernent plus particulièrement les processeurs des ordinateurs. As of this writing, no mitigation (bug fixes) exists, so there is not much if anything that consumers CAN do, other than maintain situational awareness. New security flaw is so bad it will require entire new computers, Millions of Android phones may need to be replaced due to Intel flaw, You may not agree with our views, or other users’, but please respond to them respectfully, Swearing, personal abuse, racism, sexism, homophobia and other discriminatory or inciteful language is not acceptable, Do not impersonate other users or reveal private information about third parties, We reserve the right to delete inappropriate posts and ban offending users without notification. © An update from Apple on what is needed for its Mac computers and iOS devices is expected. Regular consumers shouldn’t be impacted by the bug fixes too much, presumably, unless they run virtual machines or other I/O-intensive tasks on their computers. Everything NIST compliant DoD Contractors Need To Know Now That CMMC Version 1.0 Is Out! Receive news and offers from our other brands? And fixing it might mean re-designing the chips that power them almost from the beginning, researchers have warned. Has anyone done any testing? On craint aussi que ce bug puisse aussi être exploité au travers des navigateurs Web, comme l'a noté Mozilla dans une note de blog publiée mercredi soir. Fixes for Linux and Windows are already available. Page and Brin chose the name google as it recalled the mathematic term 'googol', meaning 10 raised to the power of 100, Chief engineer of LIFT aircraft Balazs Kerulo demonstrates the company's "Hexa" personal drone craft in Lago Vista, Texas on June 3 2019, Microsoft announced Project Scarlett, the successor to the Xbox One, at E3 2019. The class actions all focus on two major security flaws, dubbed “Meltdown” and “Spectre,” which affect nearly all Intel processors dating back to 1995. The company advised customers to update their devices’ operating systems and only download software from “trusted sources such as the App Store”. Everything you need to know about the Cybersecurity Maturity Model Certification (CMMC), Federal Computer Week sources Stronghold Cyber Security white paper for article on draft NIST 800-171B. You will receive a verification email shortly. You can find our Community Guidelines in full here. Currently, we have only verified Meltdown on Intel processors. Want to bookmark your favourite articles and stories to read or reference later? Il est ainsi possible pour un pirate informatique de passer de l'une à l'autre pour récupérer des données. Just like when Rey handed Luke the light saber, we are stuck waiting for answers on this one. “Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement, denying that fixes would slow down computers based on the company’s chips. But perhaps more dramatic is the Spectre vulnerability, for which there is no easy fix. It is not even clear how the re-design could actually happen to remove Spectre, according to researchers, since there's no known fix for the problem. Testing on my own system using the normal CPU stress tests yielded no change. Une faille de sécurité dans des processeurs Intel menace la performance des ordinateurs, Des chercheurs alertent sur les failles de sécurité d'applis de rencontres, Une faille majeure découverte dans le protocole de sécurisation du Wi-Fi, Calendriers et résultats des matchs en direct, Résultats, classement général Tour De France, Conseils alimentation, nutrition et santé. Get instant access to breaking news, in-depth reviews and helpful tips. Dan Guido, chief executive of cybersecurity consulting firm Trail of Bits, said that he expects hackers will quickly develop code they can use to launch attacks exploiting the vulnerabilities. And it appears to exploit the very design of those chips, meaning that it affects products made not just by Intel, as initially reported, but a range of other technology too. Carte familles nombreuses : jusqu’à 75 % de réduction sur les billets de train. Des millions de machines sont ainsi concernées. The Meltdown name comes from the bug essentially “melting” the security barriers that were supposed to be enforced by hardware. Its long press release only made reference to installing updates, which would presumably only fix the issues with Meltdown. Plusieurs entreprises du secteur, comme la société française OVH ou Amazon Web Services et Azure (le service cloud de Microsoft) ont déjà annoncé le déploiement de ce patch. The robot Fedor will spend 10 days aboard the ISS practising skills such as using tools to fix issues onboard. However, we know from the researchers who discovered Meltdown that the bug affects Intel CPUs at least as old as 2011, and potentially all the CPUs Intel has built since 1995, with a few exceptions. Initial impressions after install, especially on laptops, was a bit concerning...they ran at 100% for a while and core temps hit 100C. We successfully tested Meltdown on Intel processor generations released as early as 2011. What is the Spectre bug aka Spectre attack? Visit our corporate site. "Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.". The updates include patches for the recently discovered. Though the flaw was only just revealed, security researchers have been secretly working to patch it for months – meaning that most consumer systems have actually already received patches for Meltdown. Researchers said Apple and Microsoft had patches ready for users for desktop computers affected by Meltdown, while a patch is also available for Linux. Généralement, un serveur sert à héberger les données de nombreux clients. Bugs qui font trembler le monde de l'informatique, vraiment ? The only thing that showed any real change was SSD performance. Que sont Spectre et Meltdown, les failles de sécurité qui font trembler le monde de l'informatique ? “The current Intel problem, if true, would likely not require CPU replacement in our opinion. Apple a déjà apporté des modifications sur macOS, le système d'exploitation des Macs. Meltdown effectively breaks through all four rings of the CPU Protection Ring model, whereas Spectre is limited to the outer ring only. Correction logiciel qui va induire des pertes de performance très importantes ! Tom's Hardware is part of Future US Inc, an international media group and leading digital publisher. These three are by far the most common CPUs on the planet, running literally billions of devices. Or, Spectre et Meltdown permettent à un logiciel malveillant d'y accéder. Meltdown and Spectre security flaws: so big they have their own logos. One of the problems, called Meltdown, is already fixed in many computers. Even if an attacker could execute this attack, it is highly unlikely they would get anything of value out of it. Intel bug: 'Spectre' security flaw is so fundamental that it will require every computer to be re-designed The bug affects nearly every computer, phone or other device made in the last 20 years Chromebooks updated to Chrome OS 63, which started rolling out in mid-December, are already protected. Well, rather than wait until my machines could pick it up on automatic Windows Update, I went and downloaded/installed it via the circulating Microsoft Update Catalog link. The Spectre bug could be a bigger problem if Intel and AMD do decide the only way to mitigate this problem is to disable branch prediction entirely. Google said it informed the affected companies about the Spectre flaw on 1 June 2017 and later reported the Meltdown flaw before 28 July 2017. VIDÉO - Ces deux bugs affectent les processeurs, au cœur des ordinateurs, des smartphones et des serveurs utilisés dans des services de cloud. You can also choose to be emailed when someone replies to your comment. Yes, definitely. Il n'existe en revanche pour le moment aucun correctif logiciel total pour Spectre, car le bug est inhérent à la manière dont sont conçues ces puces. On ignore par exemple si ces failles ont déjà été exploitées à des fins malveillantes. Google said that Android devices running the latest security updates were protected, including its own Nexus and Pixel devices, and that users of Chromebooks would have to install updates. The The search engine was founded in September 1998 by two PhD students, Larry Page and Sergey Brin, in their dormitories at California’s Stanford University. The most insightful comments on all subjects will be published daily in dedicated articles. Instead, the issue arises with the very foundations of the chips, meaning that they won't be fixed until computers are re-designed and replaced, according to security experts. Meltdown is “probably one of the worst CPU bugs ever found”, said Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw. Businesses Seeking Cyber Security Services, Spectre Bug aka Spectre Attack – What You…, Interview with Digital Guardian for article: “Cloud Computing Security Benefits”, Do you know how much is YOUR data worth on the Dark Web? “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” said Apple in a blog post, in reference to the fact that although the security flaws make it possible to steal data using malicious software, there was no evidence to suggest that this had happened. That being said, I didn't run any benchmarks but real-world performance doesn't seem affected...everything else in Windows and application speed seem to be unaffected. While work is already being done to address special cases of the vulnerability, the original website devoted to Spectre and Meltdown states: "As [Spectre] is not easy to fix, it will haunt us for a long time." Le Figaro fait le point. Unlike the Meltdown bug which only affects Intel processors, the Spectre bug impacts Intel, AMD, and some ARM (used in many smart phones and other mobile devices) processors. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus. Some say these patches might affect performance. Comment choisir le meilleur extracteur de jus ? En France, les hauts revenus sont-ils tous des «riches»? $1, Channel Executive Magazine Interviews Stronghold Cyber Security CEO About Cyberattacks. Merci Intel !Classe action à prévoir ! However the situation is fluid,” Hans Mosesmann of Rosenblatt Securities in New York said in a note, adding it could hurt the company’s reputation. Cette mémoire est protégée. Android devices running the latest security update, including Google’s Nexus and Pixel smartphones, are already protected. Leurs conséquences pourraient être très graves. La plupart vont publier ce qu'on appelle un «patch», un peu comme une rustine logicielle, pour régler ou au moins limiter le problème, notamment dans le cas de Meltdown. In case you chase any problems or have some IT related questions then please let me know in the comments or inform me via my emails: ilovewindows78910@gmail.com or amismyle@hotmail.com-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------If you enjoyed my video then please LIKE and SHARE my video with others and also don't forget to SUBSCRIBE for more clever IT and technology tutorials!!!! a dévoilé l'existence de deux failles de sécurité majeures. However, Intel also mentioned that the performance penalty on some workloads will be reduced over time. Qu'est-ce que Spectre et Meltdown? Dans le cas de Spectre, c'est toute la manière dont sont aujourd'hui construits les processeurs, et donc les ordinateurs, qui doit être repensée. Les patchs proposés par Microsoft, Apple ou autres ne suffiront par ailleurs pas à régler complètement le problème. Readings are looking a lot more normal now. Russia has launched a humanoid robot into space on a rocket bound for the International Space Station (ISS). Meltdown, therefore, requires a change to the way the operating system handles memory to fix, which initial speed estimates predict could affect the speed of the machine in certain tasks by as much as 30%. He said: “Exploits for these bugs will be added to hackers’ standard toolkits.”. Microsoft said it was in the process of patching its cloud services and had released security updates on 3 January for Windows customers. The Google researchers also said that Spectre affects virtually all CPUs, including those from Intel, AMD, and ARM. But there also isn't any known exploit of it, either. Hardware Unboxed tested the 8700k (post patch) with win 10. Updates are expected to be delivered soon. En informatique, ces puces servent à traiter des données et à exécuter des instructions. ARM said that patches had already been shared with the companies’ partners. Ran tests many times. Possible, but very difficult. It could take many years for computers and chips to include fixes for the Spectre issue, and for the industry to recover. Et celles proposées aujourd'hui, sous forme de patch logiciel, pourraient affecter la performance de certains ordinateurs, notamment ceux qui sont équipés de processeurs anciens. Are you sure you want to delete this comment? Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system. Intel has been struggling to patch security flaws in its processors, but it has also been misleading customers about fixes. ‘Intel has begun providing software and firmware updates to mitigate these exploits,’ said the company in statement, Spectre and Meltdown processor security flaws – explained, security researchers at Google’s Project Zero, WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017. Si l'un d'entre eux est un pirate, il peut potentiellement exploiter ce bug pour siphonner les informations des autres. Since Spectre represents a whole class of attacks, most likely, there cannot be a single patch for it. Please continue to respect all commenters and create constructive debates. The company didn’t mention which Windows versions will receive the patch, but we have to presume it’s at least Windows 7 and later. That patch comes with its own problems: it can slow down the systems by as much as 30 per cent. Un correctif pour Linux, un système d'exploitation libre qui équipe des ordinateurs et surtout de nombreux serveurs utilisés par des sociétés de cloud, est déjà disponible. New Intel CSME CPU Bug is 'Unfixable' Security Vulnerability Affecting Chipsets Released Over Last Five Years . Service offerings include regulatory compliance, penetration testing, advanced cyber risk management, along with customized cyber security programs. Amazon said all but a “small single-digit percentage” of its Amazon Web Services EC2 systems were already protected, but that “customers must also patch their instance operating systems” to be fully protected. There was a problem. The Spectre flaw affects most modern processors made by a variety of manufacturers, including Intel, AMD and those designed by ARM, and potentially allows hackers to trick otherwise error-free applications into giving up secret information. The $2000 folding phone has been found to break easily with review copies being recalled after backlash, Apple has cancelled its AirPower wireless charging mat, which was slated as a way to charge numerous apple products at once, India has claimed status as part of a "super league" of nations after shooting down a live satellite in a test of new missile technology, 5G wireless internet is expected to launch in 2019, with the potential to reach speeds of 50mb/s, Uber has halted testing of driverless vehicles after a woman was killed by one of their cars in Tempe, Arizona.