英特尔 英特尔 显示器音频
Last year saw the release of the Spectre and Meltdown vulnerabilities, but researchers warned that this pair of flaws was just the start of something bigger. ZombieLoad is the newest vulnerability to leverage a similar type of attack.
去年看到了Spectre和Meltdown漏洞的发布,但研究人员警告说,这对漏洞仅仅是更大漏洞的开始。 ZombieLoad是利用类似攻击类型的最新漏洞。
While there isn’t a lot to say about ZombieLoad that hasn’t already been said, here’s what you need to know. First off, it affects nearly every Intel processor made since 2011. Secondly, since it directly affects the processor, it’s OS agnostic—this flaw is present on Windows, Mac, Chrome OS, Linux, and pretty much any other operating system that runs on an Intel chip.
关于ZombieLoad的说法还很多,但您需要了解以下内容。 首先,它会影响自2011年以来生产的几乎所有英特尔处理器。其次,由于它直接影响处理器,因此与操作系统无关,此缺陷存在于Windows,Mac,Chrome OS,Linux以及几乎所有其他运行在该操作系统上的操作系统上。英特尔芯片。
The good news? Most of the major players have already patched the vulnerability (or will do so very soon)—Apple has a fix for every Mac and MacBook released since 2011, Mozilla is making sure Firefox is safe, Microsoft is rolling a fix out to Windows, and Amazon is deploying a patch for AWS. Google said that most Android devices aren’t vulnerable—you know, since most don’t use Intel chips—but a patch has been developed and will need to be distributed by manufacturers. Affected Chrome OS devices are good to go as of Chrome OS 74, though it may cause a bit of a performance hit until the permanent solution becomes available in Chrome OS 75 as the temporary fix disabled hyperthreading.
好消息? 大多数主要参与者已经对该漏洞进行了修补(或将很快进行修补)—自2011年以来,Apple已针对每个Mac和MacBook修复了该漏洞,Mozilla确保Firefox是安全的,Microsoft正在将修补程序推广到Windows,以及亚马逊正在为AWS部署补丁。 谷歌表示,大多数Android设备都不容易受到攻击-您知道,因为大多数设备都不使用英特尔芯片-但已经开发了补丁程序,需要由制造商分发。 从Chrome OS 74开始,受影响的Chrome OS设备还是不错的选择,尽管它可能会导致性能下降,直到由于永久修复禁用超线程而导致永久解决方案在Chrome OS 75中可用。
Without getting overly-technical, ZombieLoad does its thing by leveraging something called, get this, a zombie load. A zombie load contains clusters of data that the processor can’t, erm, process, so it has to request assistance from microcode to avoid crashing. The ZombieLoad vulnerability allows attackers to leverage this process to access any data currently loaded in the processor’s core in real-time. Since the processor sees all, you can imagine why this is such an issue—usernames, passwords, sensitive account info, and the like are all potentially at risk here.
ZombieLoad无需过度技术,就可以利用称为僵尸负载的东西来完成其工作。 僵尸负载包含处理器无法处理,无法处理的数据簇,因此它必须请求微码协助,以免崩溃。 ZombieLoad漏洞使攻击者可以利用此过程实时访问处理器内核中当前加载的任何数据。 由于处理器可以看到所有内容,因此您可以想象为什么会出现这种问题-用户名,密码,敏感帐户信息等在这里都可能受到威胁。
On the upside, researchers only recently found this vulnerability, and there’s no proof that it has been leveraged out in the world yet. Now that the word is out, however, it’s sure to pique the interest of every wrong-doer with the know-how, so it’s critical that you make sure to patch your devices. Install those updates, folks! [TechCrunch, The Verge, Wired]
从好的方面来看,研究人员直到最近才发现此漏洞,尚无证据表明该漏洞已在世界范围内得到利用。 但是,既然这个词已经确定了,那么一定可以用技术诀窍激起每个做错事的人的兴趣,因此确保对设备打补丁至关重要。 伙计们,安装这些更新! [ TechCrunch ,边缘,有线]
在其他新闻中 (In Other News)
Disney buys Comcast’s stake in Hulu, OnePlus officially announces the 7 Pro, Google is getting more ads, Facebook brings back “view as public,” and more.
迪斯尼(Disney)收购了康卡斯特(Comcast)在Hulu的股份,OnePlus正式宣布7 Pro,谷歌(Google)获得更多广告,Facebook(Facebook)带回“公众视野”等等。
Disney now has full control of Hulu: Disney is poised to buy Comcast’s stake in Hulu and will take full control of the streaming service effective immediately. Nothing will change in terms of content as of now, as Comcast agreed to extend the licensing of NBCUniversal content until “late 2024.” After that, however, we’ll have to see. [Ars Technica]
迪士尼现在已经完全控制了Hulu:迪士尼准备收购Comcast在Hulu中的股份,并将立即完全控制流媒体服务。 康卡斯特同意将NBCUniversal内容的许可期限延长至“ 2024年末”,到目前为止,内容方面将保持不变。 但是,在那之后,我们将不得不看看。 [ Ars Technica ]
The OnePlus 7 Pro is official: It features a notchless 6.67-inch 90 Hz QHD+ display with a 93 percent screen-to-body ratio and pop-up selfie camera, Qualcomm Snapdragon 855 CPU, up to 12GB of RAM, and other beastly specs. All for a starting price of $669. It’s a monster. [OnePlus]
OnePlus 7 Pro是官方产品:它具有无缺口的6.67英寸90 Hz QHD +显示屏,屏占比为93%,带有弹出式自拍相机,高通Snapdragon 855 CPU,高达12GB的RAM和其他出色的规格。 全部起价为669美元。 这是一个怪物。 [ OnePlus ]
New Google ads are coming: Google announced all sorts of new ads yesterday, mostly for mobile. Google Search is getting more intrusive ads, as is the Discover feed. Yay? [The Verge]
Google的新广告即将到来: Google昨天宣布了各种新广告,其中大部分是针对移动设备的。 Google搜索和Discover feed都获得了更具干扰性的广告。 好极了? [边缘]
Facebook is bringing back “view as public”: Remember the Facebook feature of old that allowed you to see your profile the way others saw it? Well, it’s coming back—hopefully, it’s more secure this time. [Engadget]
Facebook正在带回“公开查看”:还记得old的Facebook功能,该功能可以让您以其他人的方式查看您的个人资料吗? 好吧,它又回来了-希望这次更加安全。 [ Engadget ]
AT&T will pull content from Netflix for its own thing: You ever sit back and think “man, if only there were 17 more streaming services with all different content!” Well, boy, do we have good news for you! AT&T is gearing up to launch a streaming service, and when it does, you can say goodbye to things like Friends and The Office on Netflix. Great. [Android Police]
AT&T将从自己的内容中提取Netflix的内容:您曾经坐下来思考:“伙计,如果再有17种具有不同内容的流服务!” 好吧,男孩,我们有好消息要给您! AT&T正准备推出流媒体服务,当它启动时,您可以告别Netflix上的Friends和The Office之类的东西。 大。 [ Android警察]
Google to pay some Pixel owners in a class-action lawsuit: The suit states that the company knew the original Pixel had a faulty mic, yet they sold it anyway. Now Google will have to pay up to $500 to some users. All Pixel and Pixel XL devices made before January 4th, 2017 are covered. [The Verge]
Google在一项集体诉讼中向部分Pixel所有者付款:该诉讼称该公司知道原始Pixel的麦克风有问题,但他们还是出售了它。 现在,Google将不得不向某些用户支付最高500美元的费用。 涵盖了2017年1月4日之前制造的所有Pixel和Pixel XL设备。 [边缘]
A new Mortal Kombat movie is coming: Look, maybe you don’t care about this, but I’m already hyped. I need more live action Baraka. [Engadget]
一部新的真人快打电影即将上映:看,也许您对此并不在意,但我已经大肆宣传。 我需要巴拉卡的更多现场表演。 [ Engadget ]
Google is combining and renaming a bunch of services in its latest shift. First off, Google Trips, Flights, hotel search, and similar services you probably didn’t know Google offered are going to be a singular service called Trips. You can check it out now. Secondly, as previously rumored, Google Express is becoming Google Shopping, and it’s getting integration with Google Images, Discover, and YouTube. This will make it even easier to buy things using Google Shopping. They’re coming for you, Amazon. [The Verge, Android Police]
Google在其最新转变中正在合并和重命名一系列服务。 首先,Google Trips,机票,酒店搜索以及您可能不知道Google提供的类似服务将是一项名为Trips的单一服务。 您现在可以签出。 其次,正如之前所传闻的那样,Google Express正在成为Google Shopping,并且正在与Google Images,Discover和YouTube集成。 这将使使用Google购物购买商品变得更加容易。 他们为您而来,亚马逊。 [ The Verge , Android警察]
翻译自: https://www.howtogeek.com/fyi/daily-news-roundup-zombieload-is-the-latest-threat-to-intel-pcs/
英特尔 英特尔 显示器音频
扫一扫
8598
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
