Discussion in 'Hardware Components and Aftermarket Upgrades' started by Dr. AMK, Nov 21, 2017.
How I hate 'apps', let me count the ways. sigh...
Nvidia Patches Eight Security Vulnerabilities Across Most Product Lines Tomshardware.com | March 1, 2019
Most graphics drivers are exciting because they add support for new hardware, include optimizations for the latest games, or fix issues found in their predecessors. A batch of new drivers from Nvidia offers a different incentive: protection against eight vulnerabilities that could be used to conduct various attacks...
Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel
Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified.
New "Thunderclap" Vulnerability Threatens to Infect Your PC Over Thunderbolt Peripherals Techpowerup.com | Mar 4, 2019
A new security vulnerability named "Thunderclap" severely compromises security of computers with USB type-C Thunderbolt ports, or machines with Thunderbolt 3 (40 Gbps) ports. This would be pretty much every MacBook released in the past two years, Macs, and PCs with certain aftermarket Thunderbolt 3 adapters. Chronicled in a paper by the Department of Computer Science and Technology at the University of Cambridge, Rice University and SRI International, is a method for Thunderbolt devices to bypass the host machine's IOMMU (I/O memory management unit), and read its main memory over DMA.
An IOMMU translates address-spaces between devices and main memory, and hence protects your memory's contents being read by just about any device. The group has detailed possible ways to mitigate this vulnerability, and forwarded these mitigations to Apple, Intel, and Microsoft. For now no public mitigation exists other than disabling the Thunderbolt controller of your machine in your motherboard's UEFI setup program.
Intel’s Newest Spoiler: A Spectre-Style Hardware Exploit That Leaks Private Data Hothardware.com | Mar 5, 2019
Just when we thought that the worst was over with respect to speculative execution hardware exploits like Spectre, we get hit with another whopper. Such is the case with a new Intel processor vulnerability dubbed Spoiler. Spoiler is similar in...
Given that Spoiler was just revealed to the public, there are no current software mitigation solutions available. And there’s of course no timeline as to when a potential fix can be implemented in hardware or what kind of performance impact it would have.
SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'
Updated Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to steal secrets and other data from running applications.
More info in this thread too:
And yet some more -
"All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix"
Microsoft Releases Patches for 64 Flaws — Two Under Active Attack
It's time for another batch of "Patch Tuesday" updates from Microsoft.
Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity.
The update addresses flaws in Windows, Internet Explorer, Edge, MS Office, and MS Office SharePoint, ChakraCore, Skype for Business, and Visual Studio NuGet.
Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition
Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update.
The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions.
Separate names with a comma.