Patches Chronicles: How Big Companies are Coping with the Chip Apocalypse
As you already know, at the beginning of this year the IT and geek community was shocked to reveal the flaws in the very core of any modern computer or mobile device – inside the CPU. The nature of the flaws are to the extent of not even being able to be fixed at the factory. Software patches remain to be the only remedy from Meltdown and Spectre so far.
Fortunately, users didn’t have to wait too long because major software companies have been working over the patches since last summer when the flaws were first discovered. Both Meltdown and Spectre aren’t the malware but rather holes for any malware to sneak in through. We were extremely lucky that cyber criminals didn’t know about them.The damage inflicted by them would have made WannaCry ransomware look like a friendly joke. Obviously, the looming disaster forced the software companies to run against the clock.
Let’s see how they coped with the task.
Apple did brilliantly so far. The Cupertino company has quickly released updates, mitigating the consequences of Meltdown and Spectre. The patches, dated by January, 8, 2018, are available for
- macOS High Sierra 10.13.2
- macOS Sierra 10.12.6
- OS X El Capitan 10.11.6
- OS 11.2.2 (available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation)
While High Sierra and OS 11 get the overall system update, Sierra and El Capitan have to put up with the Safari 11.0.2 update only (v. 11604.4.7.1.6 & 12604.4.7.1.6).
Microsoft absolutely messed up with their patches. The company quickly rolled out the patches for Windows 10 and Windows 7. Immediately users across the world started hitting blue screens of death (BSOD) or loosing their boot sectors. The systems affected are running AMD processors.
AMD is the one and only chip-making company that has survived the Chip Apocalypse almost unscarthed. Most of the AMD chips are immune to Meltdown and only a number of them are susceptible to the lightest variant of Spectre while the Ryzen top chip is totally free of danger. The AMD engineers did not foresee Microsoft’s moves.
The list of the processors ruined by the patch includes:
- AMD Athlon X2 6000+
- AMD Athlon X2 5600+
- AMD Athlon X2 5200+
- AMD Athlon X2 5050e
- AMD Athlon X2 4800+
- AMD Athlon X2 4600+
- AMD Athlon X2 4200+
- AMD Athlon X2 3800+
- AMD Athlon X2 BE-2400
- AMD Opteron 285
- AMD Opteron 2220
- AMD Turion X
Microsoft has already placed the blame on AMD. They claimed that AMD didn’t cooperate and didn’t send them detailed documentation pertaining the chips’ design. Nevertheless, the reports from angry users kept flooding in and MIcrosoft withdrew the following patches:
- Win10 1709 KB 4056892 Build 16299.192
- Win10 1709 for ARM KB 4056892 the mysterious patch listed in the Update Catalog
- Win10 1703 KB 4056891 Build 15063.850
- Win10 1607 and Server 2016 KB 4056890 Build 14393.2007
- Win10 1511 KB 4056888 Build 10586.1356, the patch that’s only available on Enterprise and Education editions
- Win10 1507 LTSC KB 4056893, Build 10240.17738
- Win8.1 and Server 2012 R2 KB 4056895 2018-01 Monthly Rollup
- Win8.1 and Server 2012 R2 KB 4056898 2018-01 security-only patch
- Win7 and Server 2008 R2 KB 4056894 2018-01 Monthly Rollup
- Win7 and Server 2008 R2 KB 4056897 2018-01 security-only patch
As for the AMD video cards coupled with Intel CPUs, it’s still unclear if they meet the embargo’s criteria.
All other users are strictly warned to update their antiviruses first before applying any patches from Microsoft. Once again, patching Windows seems to be a tough task to do.
Google is tricky as always. It is patching not the system but the devices, as every single one of them feature their own kernel version. Generally, both flaws are mitigated with the December 2017 and January 2018 patches.
The first patched devices are:
- Nexus 5X
- Nexus 6P
- Pixel XL
- Pixel 2
- Pixel 2 XL
Chromebooks are using the 3.18 and 4.4 versions of the kernel Numerous that Chromebooks rolled out in 2013 and 2015 as well as Chromebits, Chromecasts, Chromeboxes aren’t patched yet. Their users can employ the Site Isolation feature in the Chrome browser.
Major Android phones vendors like Samsung, LG, Motorola and Huawei are going to patch their devices in January 2018. The flagship handhelds are the first to get the protection, of course. If you’re not lucky enough to have one of those, check for updates every now and then.
Update!: Nvidia has confirmed that Nvidia video chip are susceptible to both variants of Spectre. All in all, Spectre seems to be more dangerous than Meltdown since it allows the malware to imitate the behavior of normal software. And as video cards feature their own independent CPUs nowadays, they too has to be patched. The flaw affected GeForce, NVS, Quadro, GRID and Tesla. The first three video cards can be patched right now, while GRID and Tesla will be fixed toward the end of January.
- You can always trade in online the gadgets and devices you don’t need anymore with iGotOffer. Free quote, free shipment, fast and secure payment.
Credit image: pixabay.com