Meltdown and Spectre are two modern viruses: the first exploits CPU microcode, and the second is more complex. This, as expected is leading to litigation.
Anthony Bartling and Jacqueline Olson filed a class action complaint against Apple last week in a U.S. district court in San Jose on behalf of anyone who purchased a device with an ARM-based processor designed by Apple, ranging from the A4 to A11 Bionic chips used in iPhone, iPad, iPod touch, and Apple TV models.
The complaint alleges that Apple has known about the design defects giving rise to the Meltdown and Spectre vulnerabilities since at least June 2017, and could have disclosed details to the public more promptly.
An excerpt from the complaint:
ARM Holdings PLC, the company that licenses the ARM architecture to Apple, admits that it was notified of the Security Vulnerabilities in June 2017 by Google’s Project Zero and that it immediately notified its architecture licensees (presumably, including Apple) who create their own processor designs of the Security Vulnerabilities.
The complaint added that it is unlikely Apple would be able to fully and adequately release fixes for Meltdown and Spectre without the performance of its processors decreasing by between five and 30 percent.
Apple addressed Meltdown in macOS High Sierra 10.13.2 and iOS 11.2, while Spectre mitigations were introduced in a macOS 10.13.2 supplemental update and iOS 11.2.2, both of which were released early last week.
Despite one dubious claim that Apple’s patch for Spectre resulted in a significant performance decrease on one developer’s iPhone 6, Apple said its testing indicated that its mitigations had no measurable impact on its Speedometer and ARES-6 tests and an impact of less than 2.5 percent on the JetStream benchmark.
The complaint expects at least 100 customers to be part of the proposed class, with the combined sum of compensatory and punitive damages expected to exceed $5 million if the case proceeds to trial.
A group of Israelis have filed a request with the Haifa District Court to file a class action lawsuit against Apple, Intel, and ARM over Meltdown and Spectre as well, according to local news publication Hamodia.
I keep my Apple machines up to date for the OS. (NB. Do not do this with microsoft word if you use endnote. Endnote requires a stable version of word, not a microsoft insider version: it breaks. And the main reason to have a Apple machine, for me, is to use word since that is what medical editors want)
I have not seen a significant slowdown with the new kernel. But that has never stopped lawyers: they are a lower form than social justice warriors or politicians.
My linux boxes all use a version of Fedora. The problem is sorted, after the most recent Kernel revisions.
You may have heard about Meltdown, an exploit that can be used against modern processors (CPUs) to maliciously gain access to sensitive data in memory. This vulnerability is serious, and can expose your secret data such as passwords. Here’s how to protect your Fedora system against the attack. New kernel packages contain fixes for Fedora 26 and 27 (kernel version 4.14.11), as well as Rawhide (kernel 4.15 release candidate). The maintainers have submitted updates to the stable repos. They should show up within a day or so for most users. To update your Fedora system, use this command once you configure sudo. Type your password at the prompt, if necessary.
sudo dnf --refresh update kernel
Fedora provides worldwide mirrors at many download sites to better serve users. Some sites refresh their mirrors at different rates. If you don’t get an update right away, wait until later in the day. If your system is on Rawhide, run sudo dnf update to get the update. Then reboot your system to use the latest kernel.
I have removed TinyMCE and installed Gutenberg as an editor. I hope to be able to edit visually rather than in raw html: i can do that, but the speed of workflow does matter, and it is much easier to spot typos if you are not using plain text.