Vulnerabilities


'Vulnerabilities' Articles

Intel CEO Pledges Commitment to Security Following Meltdown and Spectre Vulnerabilities

Intel CEO Brian Krzanich today wrote an open letter to Intel customers following the "Meltdown" and "Spectre" hardware-based vulnerabilities that impact its processors. In the letter, Krzanich says that by January 15, updates will have been issued for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder coming at the end of January.

For Apple customers, macOS and iOS devices have been patched with protection against Spectre and Meltdown. Meltdown was addressed in macOS High Sierra 10.13.2 and iOS 11.2, while Spectre mitigations were introduced in a macOS 10.13.2 supplemental update and iOS 11.2.2, both of which were released this week. The vulnerabilities have also been addressed in older versions of macOS and OS X.

According to Krzanich, going forward, Intel promises to offer timely and transparent communications, with details on patch progress and performance data. Because Spectre and Meltdown are hardware-based vulnerabilities, they must be addressed through software workarounds. In some cases, these software patches cause machines to perform more slowly.

Apple users do not need to worry about performance impacts. According to Apple, the Meltdown mitigations caused no measurable reduction in performance on devices running macOS and iOS across several benchmarks. Spectre, fixed through a Safari mitigation, had no measurable impact on most tests, but did impact performance by less than 2.5% on the JetStream benchmark. Apple says it plans to continue to refine its mitigations going forward.

In addition to remaining transparent

Apple Once Again Blocks Older Versions of Adobe Flash Player Due to Vulnerability

Last week Adobe issued a security advisory for Flash Player, indicating that version 21.0.0.242 and earlier had a critical vulnerability that could potentially cause a crash and allow an attacker to take control of the affected system. Adobe issued a fix a couple of days later.

Apple today published a support document explaining that users with out-of-date versions of the Adobe Flash Player plug-ins will see a "Blocked plug-in," "Flash Security Alert," or "Flash out-of-date" message when attempting to view Flash content in Safari.

Plug-ins like Adobe Flash Player have long been an issue for Apple, requiring forced updates and security fixes to patch vulnerabilities. When vulnerabilities arise, Apple has been consistent in blocking older versions of the web plug-ins. Apple is looking to reduce the risk of potential issues with macOS Sierra, in which Safari will deactivate Flash Player and other plug-ins by default in an effort to push the more modern HTML5.

To continue using Flash, users must download the latest Adobe Flash Player update from Adobe's website