MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.
Issue link: https://digital.macdirectory.com/i/1134553
Any Times a Good Time for an Update By Securemac.com A tricky class of vulnerability rises from the grave to trouble us again, one of the world’s most popular communications apps turns out to have a glaring flaw in its code that requires an immediate update to fix, and it’s time again to update your Apple devices — those stories, and all the details you need to know, are right here. Here are the topics in this issue: • Zombies on the Prowl • News of a WhatsApp Vulnerability • A Slew of Updates from Apple ZOMBIES ON THE PROWL Recently we got word that there’s a new exploit for Intel processors making waves in the security community. This exploit can affect nearly every Intel processor model produced since 2011 — which more than likely means it can affect the Intel CPUs inside your Mac. TechCrunch says that bad guys using this exploit could fool a processor into giving up access to secretive data it’s holding inside. If you’ve been tracking security news for a while or if you’re a long time listener of The Checklist, this might sound a bit familiar, and for a good reason: all this is reminiscent of last year’s Spectre and Meltdown flaws that caused so much consternation. This new bug, dubbed ZombieLoad, is a potent one. Before we dive into the specifics of ZombieLoad, though, let’s quickly recap what Spectre/Meltdown were all about, and why they were such a big deal. Both flaws use a technologically sophisticated and advanced procedure to exploit a vulnerability in a very important but also very behind-the-scenes process in CPUs. To put it simply, your processor, in order to stay speedy for you, does its best to guess what part of a program the system will need to access next. To save time, it preloads that data and the code required to run it into a special cache on the processor. If its guess was correct, the processor runs the queued instructions immediately. If it’s not, it discards and runs the requested code instead. Using Meltdown or Spectre could allow someone to steal that “guessed” information before it’s discarded, which might include your passwords, secret encryption keys, and more.