how did you read the post, links, the whole thread, and somehow get this take?
New forced upgrade tactics. Slowing down performance so people upgrade earlier.
Yeah smart post, M3 is also affected so upgrade to what??? I just bought the M3 Air, thinking of returning it and wait for next year as I don’t really need it right now.
New forced upgrade tactics. Slowing down performance so people upgrade earlier.
FUD 🤓
I have the same question since I don't understand what exactly is vulnerable since a lot of this is above my head. It would be nice if somebody would write an article about minimizing the risks but since one hasn't appeared I assume there is nothing that can be done short of totally disconnecting from the internet or powering down the computer completely.
I was getting ready to upgrade to a 15" MBA from my 13" but have cancelled that idea. No use throwing money away on POS that is just going to leak all my private info to hackers just the same as the one I already have. It might not do any good but I'm going to try to disable Keychain.app. I've got a couple of third-party password managers and have used Little Snitch to totally block their access to the internet along with most other apps on the computer I don't use on a daily basis.
This may be a silly question but why don’t tech companies have to do recalls when there is a security issue like this found that can’t be patched?
I mean, you buy a new car and they find an issue, they do recalls on the vehicle. Just curious.
What are these encryption keys used for? My drive isn't encrypted to begin with
That's actually pretty bad. I hoped Apple Silicon would escape HW exploits and here we go.
SW patches will harm the performance.
The National Traffic and Motor Vehicle Safety Act gives NHTSA the authority to issue vehicle safety standards and to require manufacturers to recall vehicles that have safety-related defects or do not meet Federal safety standards.
This may be a silly question but why don’t tech companies have to do recalls when there is a security issue like this found that can’t be patched?
I mean, you buy a new car and they find an issue, they do recalls on the vehicle. Just curious.
Depends on the apps you use. It may be an ssh private key, it may be a VPN private key.
What are these encryption keys used for? My drive isn't encrypted to begin with
Yeah they can turn off DMP and cripple the M3 chip performance wise, please read the info available that's been posted.
This cannot be fixed with microcode fixes in M1, M2 and M3. The only option is software mitigation which would cause a big loss in performance, that's what has been explained so far. A new M series architecture is needed to fix this.
Hope that it will be fixed by an update for M3
I doubt that, lots of Mac minis are sometimes used in server farms, Apple will have to patch I imagine across the board as some bad actor will find a way to exploit it at some point. Apple knew about this since December it appears, with all the other things happening like the dropping of micro LED and this big drive to generative AI, I am seriously wondering what Apple are going to do next to fix this hardware wise going forward.
Well, I just hope Apple gives us the OPTION of opting into doing the software patch and crippling our machines vs not and having better performance. Not all of us have nuclear launch codes on our machines
In the paper they demonstrated the exploit on both OpenSSL and Golang's RSA implementation. OpenSSL is widely used. So imagine some (web)server app running on the Mac with SSL enabled.