A major security flaw was recently discovered in a number of modern processors which could grant hackers access to users’ data. The flaw could allow hackers access a user’s passwords, encryption keys and other sensitive information which are stored in the protected kernel memory of his or her computer, phone or tablet. The flaws are simply identified by the names Spectre and Meltdown and they affect chips manufactured by Intel and Arm, with affected models going back several decades. Intel is the largest maker of chips for PCs and laptops so the number of systems that could be affected run into millions of units. Intel’s rival AMD believes its chips are safe, saying in a statement, “Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time.”

Although the chipmakers have hinted that they have got fixes ready to be installed on affected units, but the timeline of who Intel contacted about the flaws and when they did that might be contentious. Wall Street Journal sources have claimed that Intel initially told a handful of customers about the processor vulnerabilities. The company is reported to have informed Chinese tech companies like Alibaba and Lenovo but did not inform the US government since most of the affected chips might be in the hands of Americans and there are several U.S vendors running systems that are vulnerable to the flaws.

Read More: Xiaomi Mi Notebook Air 13.3-inch Gets A Refresh With 8th-Gen. Intel i5 & i7 Processors

Ordinarily, this shouldn’t be an issue as the tech giant needs to coordinate fixes with its partners but because of the Chinese government policy, it portends danger bearing in mind that the Chinese government routinely monitors conversations like this. Thus it is possible that the Chinese government could have theoretically exploited the holes to intercept data before patches were available. We are not sure anything of such ever happened anyway.

An Intel spokesman wasn’t forthcoming on details of who it informed and even added that the company couldn’t notify everyone (including US officials) in time because Meltdown and Spectre had been revealed early. Lenovo, on its part, allayed fears by disclosing that the information was protected by a non-disclosure agreement. Alibaba also released a response labeling any accusations of sharing info with the Chinese government as “speculative and baseless,” but that doesn’t rule out the possibility of Chinese officials intercepting details without Alibaba’s knowledge. There is no evidence that the Chinese government exploited these flaws but informing the U.S government could have helped coordinate disclosures to ensure that enough companies had fixes in place. Big names like Apple, Amazon, Google, and Microsoft were ready relatively quickly, but others were left racing to fix or mitigate the flaws. If viewed from another perspective, it would be realized that Intel had to limit the number of vendors notified in other to minimize leaks before patches are ready.

(source)

The post Intel May Have Erred By Informing Its Chinese Clients of Meltdown Flaws Before the US Authorities appeared first on Gizmochina.

Essential is pushing out a new update but sadly it is not the stable update for Android 8.0 Oreo. We know most people are expecting that update but this new one is pretty important too.

The new update (build NMJ88C) not only brings January’s security patch but also fixes the latest security flaws – Spectre and Meltdown. If you have been following the news lately, you must have come across those two words.

Both are the names of two security flaws found within computer processors which affect nearly all devices such as smartphones, tablets, laptops, and desktops. It is also said to affect cloud computing systems.

Meltdown can grant an attacker access to read kernel memory and affects processors made by Intel and Qualcomm and a certain type of ARM chip.

Spectre on the other hand may grant attackers access to private data by tricking error-free applications into giving it up. It is harder to exploit but also harder to fix. It affects processors from Qualcomm, Intel, ARM, and AMD.

READ MORE: Essential To Focus On Reparability For Its Next-Generation Smartphone

Essential is one of the first phone manufacturers to fix the flaws. We hope other manufacturers follow suit in the coming days. However, there is a high-chance that smaller companies won’t release a patch and even bigger companies won’t release a patch for all their devices.

In a response to when the stable Oreo update will be available, Essential says they are getting close to the full release.

(Source)

The post Essential Phone Gets New update: No Oreo, But Brings January Security Patch & Spectre and Meltdown Fixes appeared first on Gizmochina.