Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: open
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
Where can I find official security advisories of involved/affected companies?
Intel Security Advisory [security-center.intel.com] / Newsroom [newsroom.intel.com]
Microsoft Security Guidance [portal.msrc.microsoft.com]
Amazon Security Bulletin [aws.amazon.com]
ARM Security Update [developer.arm.com]
Google Project Zero Blog [googleprojectzero.blogspot.co.at]
MITRE CVE-2017-5715 [cve.mitre.org] / CVE-2017-5753 [cve.mitre.org] / CVE-2017-5754 [cve.mitre.org]
Red Hat Vulnerability Response [access.redhat.com]
SUSE Vulnerability Response [suse.com]
CERT Vulnerability Note [kb.cert.org]
In particular, we have verified Spectre on Intel, AMD, and ARM processors.Their FAQ page (https://meltdownattack.com/#faq-fix) is helpful in sort out the details.
Q. Am I affected?
A. Most certainly, yes.
Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.
What are the chances my passwords have been swiped? and is there any way to tell?
While AMD is only affected by Spectre, it appears that Microsoft has just bricked several AMD Athlon PC's by causing them to become stuck at the Windows loading screen.
So, Microsoft suspended the security update for computers with AMD chips. (Customers with Intel chips can still get the update.)
Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.