|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Apple 为其最新设备提供支持的 M1、M2 和 M3 系列芯片中新发现的漏洞使用户面临潜在的加密盗窃风险。 “GoFetch”漏洞允许攻击者操纵 CPU 窃取加密密钥,这对于 Apple 设备上的数据隐私和软件加密钱包至关重要。该漏洞针对拥有大量加密货币的高价值目标,并对网络浏览器加密和 MetaMask 等应用程序构成重大威胁。苹果已经承认了该漏洞,但其回应因未提供完整修复而受到批评。建议用户,尤其是持有大量加密货币的用户保持警惕,并采取适当措施保护其数字资产。
A Critical Vulnerability in Apple's M-Series Chips: Are Your Crypto Assets at Risk?
苹果 M 系列芯片中的一个严重漏洞:您的加密资产是否面临风险?
Recent revelations have brought to light a concerning vulnerability in Apple's M1, M2, and M3 series chips, which power their latest devices. This flaw poses a significant threat to users' cryptographic keys, leaving their data privacy and cryptocurrency holdings exposed to potential theft.
最近的爆料揭露了苹果 M1、M2 和 M3 系列芯片中的一个令人担忧的漏洞,这些芯片为其最新设备提供动力。这一缺陷对用户的加密密钥构成了重大威胁,使他们的数据隐私和加密货币资产面临潜在的盗窃风险。
What Does the "GoFetch" Exploit Mean for You?
“GoFetch”漏洞对您意味着什么?
The "GoFetch" exploit, meticulously documented by researchers from esteemed institutions like the University of Illinois Urbana-Champaign and the University of Washington, leverages Data Memory-Dependent Prefetchers (DMPs) within the chips to access the CPU cache. By monitoring the subtle side effects of secret-dependent cache accesses, attackers can surreptitiously infer a victim program's sensitive data, even if the attacker and victim share no common memory.
来自伊利诺伊大学香槟分校和华盛顿大学等知名机构的研究人员详细记录了“GoFetch”漏洞利用芯片内的数据内存相关预取器 (DMP) 来访问 CPU 缓存。通过监视依赖于秘密的缓存访问的微妙副作用,即使攻击者和受害者不共享公共内存,攻击者也可以秘密推断受害者程序的敏感数据。
Apple's Response: Mitigation or Shortcomings?
苹果的回应:缓解措施还是缺陷?
Apple has acknowledged the researchers' findings and issued a developer post outlining a potential mitigation strategy. However, this workaround may introduce performance penalties as it requires assuming worst-case processing speeds to prevent cache invocation. The responsibility for implementing these changes lies with MacOS software developers, not the users themselves.
苹果公司已经承认了研究人员的发现,并发布了一篇开发者帖子,概述了潜在的缓解策略。但是,此解决方法可能会带来性能损失,因为它需要假设最坏情况的处理速度以防止缓存调用。实施这些更改的责任在于 MacOS 软件开发人员,而不是用户本身。
Experts' Concerns: A Patch in Time Not Given?
专家的担忧:补丁没有及时发布?
Despite Apple's response, some experts have expressed concerns about its adequacy. Journalist Kim Zetter highlights that Apple implemented a fix for the vulnerability in its October-released M3 chips but failed to promptly inform developers, hindering their ability to enable the patch. Consequently, the onus now falls on wallet providers like MetaMask and Phantom to implement their own patches to safeguard against the exploit.
尽管苹果公司做出了回应,但一些专家仍对其充分性表示担忧。记者 Kim Zetter 强调,苹果在 10 月份发布的 M3 芯片中修复了该漏洞,但未能及时通知开发人员,从而阻碍了他们启用该补丁的能力。因此,MetaMask 和 Phantom 等钱包提供商现在有责任实施自己的补丁来防范漏洞。
A Reminder: No System Is Impervious
提醒:没有一个系统是坚不可摧的
Apple devices have traditionally enjoyed a reputation for security due to the inherent design of MacOS and iOS. However, a separate report from cybersecurity firm Kaspersky in January underscores the growing threat of malware targeting both Intel and Apple Silicon devices. Specifically, the malware targeted Exodus wallet users, duping them into downloading a malicious software version.
由于 MacOS 和 iOS 的固有设计,Apple 设备传统上享有安全声誉。然而,网络安全公司卡巴斯基一月份的另一份报告强调了针对英特尔和苹果芯片设备的恶意软件威胁日益增长。具体来说,该恶意软件针对 Exodus 钱包用户,诱骗他们下载恶意软件版本。
Cloudbet: A Secure Haven for Aviator Gaming and More
Cloudbet:飞行员游戏等的安全天堂
Cloudbet, a leading Aviator casino established in 2013, boasts an impressive track record in online gaming and e-sports betting. With over 100,000 users, it prioritizes security by storing customer funds in cold storage. Its user-friendly interface and diverse game collection, including slots, table games, and virtual games, cater to a wide range of preferences. Players can utilize multiple currencies or opt for 'free play' to explore games without financial risk.
Cloudbet 是一家领先的 Aviator 赌场,成立于 2013 年,在在线游戏和电子竞技博彩方面拥有令人印象深刻的记录。它拥有超过 100,000 名用户,通过将客户资金存储在冷库中来优先考虑安全性。其友好的用户界面和多样化的游戏系列,包括老虎机、桌面游戏和虚拟游戏,满足了广泛的喜好。玩家可以使用多种货币或选择“免费游戏”来探索游戏,而无需承担财务风险。
Conclusion: Vigilance and Proactive Measures
结论:保持警惕并采取积极措施
While Apple devices are generally regarded as secure, the newly discovered vulnerability in their latest chips serves as a sobering reminder that no system is immune to threats. Users, particularly those with substantial cryptocurrency holdings, should exercise vigilance and stay abreast of any developments or patches to safeguard their digital assets.
虽然苹果设备通常被认为是安全的,但其最新芯片中新发现的漏洞清醒地提醒我们,没有任何系统能够免受威胁。用户,特别是那些持有大量加密货币的用户,应保持警惕并及时了解任何进展或补丁,以保护其数字资产。
免责声明:info@kdj.com
The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!
If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.
-
- SPX6900:热衷于成为 Meme 硬币的 Meme 硬币
- 2024-12-25 21:30:03
- SPX6900 以其对世界经济的独特看法和超过 300,000% 的飙升点燃了市场。