11.01.18

Intel and AMD address microchip security flaws

A set of security flaws has been discovered that could let hackers steal information from nearly every modern computing device containing chips from Intel, ARM and AMD. One of the bugs is specific to Intel but another affects laptops, desktop PCs, smartphones, tablets and internet servers. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

Researchers with Google Project Zero, in conjunction with academic and industry researchers discovered two flaws.

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords.

The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

In a statement Intel said 'it had been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data. Recent reports that these exploits are caused by a 'bug' or a 'flaw' and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.'

'Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.'