![]() ![]() The odds are stacked in the attacker’s favor. They can be 99.9% perfect and that won’t be good enough, because once hardware is released into the world: it is open season on that 0.1% the team missed. But at the end of the day, they are only human. During development they fixed many problems we’ll never see. Any single feature would have been the work of a small team of engineers over a period of months. But they weren’t all working on the same thing for all that time. In short, these are old vulnerabilities, but exploiting them was hard enough that it took twenty years to do it.īuilding a new CPU is the work of a large team over several years. did some digging and found a paper from the early 1990s (PDF) that warns of the dangers of fetching info into the cache that might cross priviledge boundaries, but it wasn’t weaponized until recently. However, as evidence of non-obviousness, some very smart people got remarkably close to the Meltdown effect last summer, without getting it all the way. We won’t try to sway those who choose to believe in a conspiracy that’s simultaneously secret and obvious to everyone. From “It’s so obvious, Intel engineers must be idiots” to “It’s so obvious, Intel engineers must have known! They kept it from us in a conspiracy with the NSA!” So much so that the spectrum of reactions have spanned an extreme range. Like many great discoveries, this one is obvious with the power of hindsight. 18-00147.While the whole industry is scrambling on Spectre, Meltdown focused most of the spotlight on Intel and there is no shortage of outrage in Internet comments. ![]() District Court, Northern District of California, No. The case is In re Apple Processor Litigation, U.S. In seeking a dismissal, Apple said similar lawsuits had previously been dismissed against other manufacturers including Intel and Advanced Micro Devices Inc. Meltdown affected only chips from Intel Corp, while Spectre affected nearly all chips made in the prior decade. Davila said they can try to replead their claims by June 30. Lawyers for the plaintiff customers did not immediately respond to requests for comment. ![]() "Plaintiffs have failed to allege an affirmative misrepresentation, an actionable omission, and actual reliance" on misstatements by Apple, Davila wrote. The judge also said it was not false or misleading for Apple to claim that its newer processors were faster and lasted longer than older processors, just because the patches may have degraded performance. The lawsuit was filed after Apple and other companies including Alphabet Inc's Google revealed the Meltdown and Spectre flaws, which could let hackers access computer devices and steal their memory contents, in January 2018.Īpple customers claimed that the Cupertino, California-based company learned about the defects in June 2017, but said nothing until after the New York Times reported on the flaws.ĭavila, however, said the customers did not show they relied on Apple's marketing, and that the company's assertions that its products were "secure" and built "with your privacy in mind" were too general to support their claims. District Judge Edward Davila in San Jose, California said customers failed to prove that they overpaid for their devices because Apple knowingly concealed defects, and provided security patches that made its devices significantly slower. ![]() judge on Wednesday dismissed a proposed class-action lawsuit accusing Apple Inc of defrauding customers by selling iPhones and iPads whose processors proved vulnerable to two cybersecurity flaws first disclosed in 2018. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |