Meltdown and Spectre, Acer position and solutions

grimaldo
grimaldo Member Posts: 1 New User
edited November 2023 in 2018 Archives
Hi guys, I want to know the position of the company on the problem with those vulnerabilities in the Intel processors. I bought a Predator Helios 300 these holidays with an Intel Core i7, and the reports say ALL the latest CPUs are vulnerable.

What's your position and how can you help us?

Thank you

Answers

  • ven98
    ven98 ACE Posts: 4,073 Pathfinder
    https://us.answers.acer.com/app/answers/detail/a_id/51890 this is a list of the devices that are vulnerable to SA-00086. You can also run the SA-00086 vulnerability check tool. You will have to wait until Acer releases a patch for your device to fix this.
    Always post the following characteristics of the device:
    -Model number
    -Part number (not required, but helpful)
    -CPU
    -GPU
    -Operating system

    Helios 300 and Nitro 5 users DO NOT update the BIOS to version 1.22 if you don't want the keyboard's backlight to turn off after 30 seconds even when the device is plugged in.


    Hit 'Like' if you find the answer helpful!   
    Click on 'Yes' if the comment answers your question!

  • ZurionIssir
    ZurionIssir Member Posts: 1 New User
    SA-00086 is not referring to Meltdown or Spectre. It's a different vulnerability.
    I have an Acer Aspire E1-531G so I'm pretty sure I'm never going to see a firmware update that allows for Spectre mitigation, but I do hope they release firmware updates for newer laptops.
  • IronFly
    IronFly ACE Posts: 18,413 Trailblazer
    As far as I know, the CPU/chip producers are still testing patches and fixes, so official statements are pretty hard to do right now.
    Google, Apple and the Linux community are looking at the easiest way to do it... honestly this is a bad situation for big data/server environments, not for single users.
    I'm not an Acer employee.
  • ven98
    ven98 ACE Posts: 4,073 Pathfinder
    The latest Windows build 16299.192 fixes Meltdown, but for Spectre we need a BIOS update by Acer.
  • ZYXTER
    ZYXTER Member Posts: 1 New User
    When can we expect a BIOS firmware patch for Spectre & Meltdown? Can someone from Acer provide us with an update please?
  • udm196
    udm196 Member Posts: 3 New User
    I got a reply from Acer support that the fix for variant 2 of Spectre will be available in June 2018 in support's download section. Seems a hell of a long time to wait for a security patch, wouldn't you agree?
  • Espionage724
    Espionage724 Member Posts: 20 Networker
    In regards to the exploits with Intel Management Engine (ME), I was able to use me_cleaner to disable ME on a Predator Helios 300 laptop without issue; no longer have to worry about ME-related vulnerabilities. Was a bit of a task to do though (requires a hardware SPI flasher and SOIC clip).

    I doubt my comment would persuade Acer to do so, but they should consider allowing end-users to purchase laptops without ME since the consumer version of it doesn't offer anything beneficial. I believe Dell and System76 offer this option.
  • ven98
    ven98 ACE Posts: 4,073 Pathfinder
    udm196 said:
    I got a reply from Acer support that the fix for variant 2 of Spectre will be available in June 2018 in support's download section. Seems a hell of a long time to wait for a security patch, wouldn't you agree?
    I don't think 6 months is that long, as this vulnerability has been existing for about a decade. 6 months is nothing compared to that in my opinion. 
  • Skelomorph
    Skelomorph ACE Posts: 463 Pioneer
    edited January 2018
    udm196 said:
    I got a reply from Acer support that the fix for variant 2 of Spectre will be available in June 2018 in support's download section. Seems a hell of a long time to wait for a security patch, wouldn't you agree?
    It does seem like a long time. However, the BIOS patch does not solve it totally. The Spectre Vulnerability's main example seems to be JavaScript in Web Browsers. However, there are methods to make it impossible for code in web browsers to go outside of their processes and can be enabled. Also, the BIOS patch is not a fix, but a band aid, so it is likely that if this method is taken advantage of, they will find a way around the band aid.

    For Chrome and its variants, you can enable Site Isolation in chrome://flags. This flag will automatically be enabled in Chrome 64 that is to be released January 23. The Firefox version 57.0.4+ is already patched for this, as well as Windows Edge and IE, if you are keeping Windows updated.

    The Intel ME vulnerabilities essentially require local access or local network access. So, you would need someone on your network (your personal WIFI should be password protected, stay away from public WIFI) or having access to your computer (password protection for Windows & BIOS will stop this) to be vulnerable. This would include viruses, but if you get certain types of virus, your information can be stolen anyways.

    So really, the best protection against this is yourself. Be careful what you download and web sites you go to, enable the options for Web Browsers and keep them up to date, and keep your Windows up to date.

    Skelo
    Please quote me so I get a notification of your reply!
    If I helped you, like my post and/or select my post as 'Solved'.
    Please put your laptop model in your signature so we can know what device you have.

    Product: Acer Predator Helios 300
    Model: G3-571
    "Don't cry because it's over, smile because it happened."
    - Dr. Seuss
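A way to check on a Windows machine which of the layers mentioned in this thread (the Windows update for Meltdown, the firmware/microcode update for Spectre variant 2) are actually in place. This is an added example, not part of any post; it assumes Microsoft's SpeculationControl PowerShell module is installed and uses the build number 16299.192 quoted in the thread.

```powershell
# Added example, not from the thread. Requires Microsoft's SpeculationControl
# module:  Install-Module SpeculationControl -Scope CurrentUser
Import-Module SpeculationControl -ErrorAction Stop

# OS patch level. The thread cites build 16299.192 as the one that fixes Meltdown.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$ubr   = [int]$cv.UBR            # update revision, the part after the dot

# The cmdlet prints its own summary and also returns an object we can inspect.
$s = Get-SpeculationControlSettings

# KVAShadow* fields describe the Meltdown mitigation,
# BTI* fields describe the Spectre variant 2 mitigation.
[pscustomobject][ordered]@{
    'Windows build'                          = "$build.$ubr"
    'Meltdown: CPU needs the mitigation'     = $s.KVAShadowRequired
    'Meltdown: OS support present'           = $s.KVAShadowWindowsSupportPresent
    'Meltdown: mitigation enabled'           = $s.KVAShadowWindowsSupportEnabled
    'Spectre v2: OS support present'         = $s.BTIWindowsSupportPresent
    'Spectre v2: firmware/microcode support' = $s.BTIHardwarePresent
    'Spectre v2: mitigation enabled'         = $s.BTIWindowsSupportEnabled
} | Format-List

if ($build -eq 16299 -and $ubr -lt 192) {
    Write-Warning 'Build 16299 is below revision 192: install the pending Windows updates.'
}
if ($s.KVAShadowRequired -and -not $s.KVAShadowWindowsSupportEnabled) {
    Write-Warning 'The Meltdown mitigation is not active on this machine.'
}
if ($s.BTIWindowsSupportPresent -and -not $s.BTIHardwarePresent) {
    # This is the state the thread describes while waiting for the vendor.
    Write-Warning 'Windows supports the Spectre variant 2 mitigation, but the CPU microcode does not yet: a BIOS/firmware update is still needed.'
}
```

Run it from an elevated PowerShell prompt; the last warning should disappear once a BIOS with updated microcode has been installed.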
  • udm196
    udm196 Member Posts: 3 New User
    Thanks Skelo for your comprehensive answer which is much appreciated. Don't think I can avoid public WIFIs with my laptop, as I use it frequently "on the go".

    The BIOS options on the ACERs are very limited as you know, and I want to reiterate that leaving a known and important vulnerability unpatched for 6 months is not very reassuring as far as responsiveness is concerned. Not a security expert myself, but I imagine that Intel and other chipset manufacturers will provide the required updates in a more timely fashion.
  • udm196 said:
    Thanks Skelo for your comprehensive answer which is much appreciated. Don't think I can avoid public WIFIs with my laptop, as I use it frequently "on the go".

    The BIOS options on the ACERs are very limited as you know, and I want to reiterate that leaving a known and important vulnerability unpatched for 6 months is not very reassuring as far as responsiveness is concerned. Not a security expert myself, but I imagine that Intel and other chipset manufacturers will provide the required updates in a more timely fashion.
    It should definitely be released faster than that, but I doubt even 6 months is correct. I would assume it is sooner than that, and the tech desk person was probably just giving a BS answer. It is amazing how little information the support people who take calls have from the actual developers in a company. This is not solely Acer either who has workers who are not in the loop, BTW.

    As long as your browsers are updated, the site isolation is turned on in Chrome, with the latest Windows updates you should be at extreme minimal risk.

    Skelo 
  • Queen6
    Queen6 Member Posts: 319 Skilled Practitioner
    I work and travel internationally, therefore I frequently need to access public networks; here a good VPN is invaluable. I also use a portable router with either its own 4G connection or as another barrier to an open network such as a hotel's by implementing its repeater function; this adds a layer of protection with its hardware firewall. On top of this I keep the systems updated and apply the latest BIOS updates in good time.

    Q-6