![]() ![]() Some of the biggest browser names have already created and distributed updates designed to protect the applications - and the data on the device - from potential Spectre attacks, although as of now, patches for Apple's Safari remain AWOL. That's because Spectre could be leveraged by criminals using JavaScript attack code posted on hacker-run or compromised sites.Īccording to a group of independent and academic researchers, "Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code." The researchers also wrote a proof-of-concept that demonstrated how an attacker could use JavaScript to read the address space of a Chrome process - in other words, an open tab - to harvest, say, site credentials that had just been entered. While the most important fixes distributed so far came from chip makers and operating system vendors, browser developers also updated their applications. That plan went out the window when leaks started to circulate earlier this week. At that time, a coordinated effort by multiple vendors, from OS developers to silicon makers, was to debut with patches to protect, as best could be done without replacing the CPU itself, systems against flaws grouped under the umbrella terms of Meltdown and Spectre. The Google-driven revelations - it was members of the search firm's Project Zero security team who identified the multiple flaws in processors designed by Intel, AMD and ARM - were to go public next week, on Jan. ![]() Amid the panicked response this week to the news of significant, though not-yet-exploited, vulnerabilities in the vast bulk of the world's microprocessors, it went almost unnoticed that most browser makers responded by updating their wares in the hope of fending off possible web-based attacks. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |