The one part of your computer you still rely on to be safe are firmware updates to your UEFI, but of course there are also cases where this too can prove to be vulnerable. It seems there is a vulnerability in the way the the SPI flash is configured on on a variety of Intel CPUs stretching all the way back to Broadwell, straight through to the current chips. There is good news as a patch for this vulnerability has already been provided to PC and motherboard manufactures according to the information over at Bleeping Computer so check for BIOS updates over the next while. As this does stretch back to models which no longer receive regular updates, hopefully even those ancient devices will receive an update.
"According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware.""
Here is some more Tech News from around the web:
- Hackers Stole a Casino's High-Roller Database Through a Thermometer in the Lobby Fish Tank @ Slashdot
- Thousands of Android apps may be collecting children's data illegally @ The Inquirer
- Sophisticated APT surveillance malware comes to Google Play @ Ars Technica
- Google is testing 'self-destruct' function for Gmail @ The Inquirer
- Exposed: Lazy Android mobe makers couldn't care less about security @ The Register
- Apple's leaked memo warns leakers to stop leaking leaks @ The Inquirer
Much like Spectre v2, you can
Much like Spectre v2, you can count on ASUS (and probably many others) NOT issuing updates for this unless you’re on basically Skylake or newer. The PC motherboard market and updates is about as good as Android’s situation.
Laptop OEMs and any Service
Laptop OEMs and any Service after the Sale is never to be expected as far as Firmware Updates on older Laptop SKUs so there will be millions of unpatched computers in the wild!
It’s Fat Chance for Pigs with wings in the bowels of snow covered Hell that Laptop OEMs will even give 1/10th of a Rat’s shiny red A$$ about their customers with older lappy SKUs.