Hardly a month goes by without the disclosure of a new vulnerability that could compromise computers, so the latest revelation, weaknesses in the high-speed Thunderbolt and PCI Express interfaces used by Macs and PCs, is par for the course. But the depth of this issue is worrying enough that Linux, Mac and Windows users should be aware of the consequences of leaving their older machines unpatched.
Research presented this week by the University of Cambridge's security group suggests that both Thunderbolt and PCI Express interfaces provided peripherals with almost unlimited memory access on Macs and PCs, so an attacker can do anything from injecting software to grabbing passwords or private files from a computer. A malicious peripheral can perform its promised functions while simultaneously snooping on the user or taking control of the machine.
Thunderbolt previously had its own connector type that clearly distinguished its cables and peripherals from USB options. But the latest version, Thunderbolt 3, shares the same USB-C connectors used in most of the current generation of PCs and Macs. It is now used in almost all Apple products and some laptops. PCI Express add-ons are generally specific to desktops and servers.
According to the researchers, a defense mechanism that would have limited full access to memory was not supported by Microsoft's Windows 7, 8, 1
Although the researchers say they've been working with vendors to reduce the security issues since 2016, the software patches have been uneven across platforms. Apple apparently solved the problem in macOS 10.12.4 in 2016, but Microsoft took until April 2018 to fix Thunderbolt (but not PCI Express) vulnerabilities in Windows 10, leaving machines running versions before 1803 open to attack. Fixes for Linux are included in kernel 5.0, which is approaching final release.
Users are advised to take two precautions: update your computer to the latest version of Linux, macOS, or Windows 10, and be careful about attaching unknown USB-C devices … especially those in public places. Despite the patches, the researchers suggest that there is "very credible" potential for use in apparently normal charging stations or monitors that can take control of connected and unprotected machines.
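For administrators who want to apply the first precaution across many machines, the version thresholds quoted above can be turned into a quick inventory check. This is an added example, not code from the researchers or the vendors; the host names and versions are constructed, and the thresholds are taken exactly as this article states them.

```python
import re

# Fix thresholds exactly as the article states them (not independently verified).
FIXED = {"linux": (5, 0), "macos": (10, 12, 4), "windows10": (1803,)}

def parse_version(text):
    """Leading numeric part of a version string: '4.19.0-5-amd64' -> (4, 19, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))

def dma_patch_status(os_name, version):
    """Return 'patched', 'partial', 'unpatched' or 'unknown' for one host."""
    key = os_name.lower().replace(" ", "")
    if key in ("windows7", "windows8"):
        return "unpatched"  # article: the memory-access defense is not supported
    if key not in FIXED:
        return "unknown"    # platform the article does not cover
    try:
        have = parse_version(version)
    except ValueError:
        return "unknown"
    need = FIXED[key]
    width = max(len(have), len(need))  # pad so (5,) compares with (5, 0)
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    if have < need:
        return "unpatched"
    # Windows 10 1803 fixed Thunderbolt but not PCI Express, per the article.
    return "partial" if key == "windows10" else "patched"

INVENTORY = [  # constructed sample hosts
    ("lab-01", "Linux", "4.19.0-5-amd64"),
    ("lab-02", "Linux", "5.0.2"),
    ("mac-01", "macOS", "10.12.3"),
    ("mac-02", "macOS", "10.14"),
    ("win-01", "Windows 10", "1709"),
    ("win-02", "Windows 10", "1803"),
    ("win-03", "Windows 7", "SP1"),
]

def audit(inventory):
    """Map each host name to its patch status."""
    return {host: dma_patch_status(os_name, ver) for host, os_name, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

A "partial" result marks Windows 10 machines that have the Thunderbolt fix but, per the article, remain exposed through PCI Express.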