News:

Willkommen im Notebookcheck.com Forum! Hier können sie über alle unsere Artikel und allgemein über Notebook relevante Dinge disuktieren. Viel Spass!

Main Menu

Post reply

The message has the following error or errors that must be corrected before continuing:
Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.
Other options
Verification:
Please leave this box empty:

Shortcuts: ALT+S post or ALT+P preview

Topic summary

Posted by Neenyah
 - March 22, 2024, 16:03:22
Oof, not good. First, because it was reported to Apple back in December and they still didn't do anything to address it. Second, because of this:

Quote"We're talking about high-end users, like someone who has a cryptocurrency wallet with a lot of money," he says. But he notes that in theory this attack might be used to break the TLS cryptography that a computer's browser uses to encrypt communication between their computer and web sites, which could allow attackers to decrypt that communication to extract a user's session cookie for their Gmail or other web-based email account and use it to log into the account as them. "I'm not saying it's a practical attack I'm just saying that's the kind of threat you might be worried about," he says, "You can get [other] very high-valued keys potentially" including their iCloud keys to access backed up data. The researchers reported the issue to Apple in December, but other than thanking them for their work, Genkin says Apple didn't indicate what, if anything, it might do to address the problem.

QuoteIt's also theoretically possible for an attacker to pull this off by embedding malicious code into Javascript on a web site so that when a computer with an M-series chip visits the site, the attacker's malicious code can conduct the attack to grab data from the cache. The researchers didn't test a web site attack, but Green says the scenario is plausible. It would also be a more concerning attack, he notes, because attackers could scale it to attack thousands of computers quickly.

This is huge.
Posted by NikoB
 - March 22, 2024, 14:44:40
All of these holes found are similar to the "Dieselgate" scam.

At first, fraudulent chip manufacturers (here in particular Apple) deliberately (I am 100% sure of this) introduce security holes into the circuits in order to speed up the operation of the chips compared to competitors or simply to demonstrate a significant (for future buyers) increase in performance in the new series, which in reality, with conscientious development taking into account all levels of security, simply would not exist. And when they, the manufacturers of such chips with fake security, have sold millions of these chips and profits have already been made, unpleasant facts emerge (most often in a "controlled manner").

In the case of dieselgate, bringing the emission level of cars to official standards leads to a sharp loss of torque and engine power below that declared by the manufacturer. Which is officially considered fraud and requires compensation for each buyer. Please note that the automotive industry has safety regulations. which manufacturers are prohibited from violating at the official level, but in IT there are still no such standards and no official punishment for their non-compliance. How convenient, right?

As a result, fraudulent IT manufacturers do not suffer seriously in any way after their fraud in chip development is discovered, because There are no minimum safety standards at the official level.

I'm wondering why the authorities, at least the United States, have not yet filed class action lawsuits against chip manufacturers? After all, only powerful losses in the event of large fines in favor of each buyer and the state will force the owners of manufacturers to choose the right management and create a healthy environment for the development of new series.

And we are all seeing the same thing now with Boeing.

This is a general degradation of the integrity of American business. His greed and dishonesty (look at how many of your companies continue to conduct business in Russia brazenly in full view of the whole world) has crossed all boundaries.
Posted by Redaktion
 - March 22, 2024, 05:25:20
Security researchers have uncovered a major security vulnerability affecting Apple's M1 and M2 family of chips. Using a crafted attack, researchers were able to use what is known as a "side-channel" to access and decode security keys used in widely used encryption services.

https://www.notebookcheck.net/Apple-M-series-chips-have-serious-security-flaw-baked-in-fix-will-result-in-performance-hit.816056.0.html