Unpatchable vulnerability in Apple chip leaks secret encryption keys

Not sure if I should be worried, but Dan Goodin, AFAIK, knows what he’s talking about.

I think this is Apple Silicon’s version of Heartbleed. The rushed 14.4 Sonoma release may have had something to do with this vulnerability.

1 Like

The coverage I have read thus far is that an exploit needs local access on your machine. That means you are already compromised, so not a huge risk for us normies yet.

Of course, attacks only get better with time, so it’s a bit disappointing to learn that the architecture of M-series chips isn’t more secure by design than Intel or AMD.

2 Likes

If I’m reading this article correctly, it is saying that this can’t be patched. But it is also saying that if cryptographic processes were relegated to the efficiency cores, it’s a non-issue. So wouldn’t a software fix be able to make that happen if somebody wanted it to? And wouldn’t that be a patch?

As I understand the problem, it has to do with the way the chip predicts the next bit of data it will need. You can’t “patch” hardware but you can use software to route data around the vulnerability. And that reduces the speed of your calculations.

I don’t recall what the problem was but Intel had a problem with their chip design years ago that affected all their x86 chips.

Spectre?

3 Likes

I didn’t remember the name until you posted, but yes. There were two, Spectre and Meltdown.

https://www.cloudflare.com/learning/security/threats/meltdown-spectre/

1 Like

I could be wrong, but I took it as they don’t need access. That said, every article I saw quickly lost me. The usual “safe practices” rule seems to still apply though.

I am starting to think I need some sort of scanner on my Macs. Not a real time one, just the weekly scan kind of thing. Not even sure where to start there.

I occasionally use the free version of Malwarebytes, but it’s up to Apple to fix all the vulnerabilities that are being found in the software on our devices.

I do both Bitdefender and Malwarebytes, both free, manually every week.