Meltdown and Spectre exploits: Cutting through the FUD

Source Graz University of Technology

Source Graz University of Technology

Intel also played down concerns about slowed performance due to the updates, noting that for the "average computer user", the impact should not be significant and will lessen over time.

Google's cyber security researchers spotted a major flaw recently in the designing of Intel CPUs and users are not happy at all. "By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years", the chipmaker said.

While Spectre is more hard to exploit than Meltdown (the design flaw that affected Intel's CPUs), it affects every modern CPU and there is now no fix for it. First reported by the Register, the vulnerability affects millions (if not billions) of laptops, smartphones, and even cloud computing servers.

On Thursday, Apple confirmed that all Mac systems and iOS devices are affected, but that no known exploits have impacted its customers.

ARM said patches had already been shared with its customers, which include many smartphone manufacturers.

Intel shares opened lower Thursday as the revelation its products are among the chips with potential security-related flaws, has tech giants ensuring the right fixes are available. Intel denied that the patches would bog down computers based on Intel chips. Manufacturers including Apple, Microsoft, and Google have worked tirelessly to release updates that patch the bugs.

Users are advised to keep the automatic updates functionality on their machines enabled to receive the security updates for Intel CPU bug at the earliest, possibly via system update or the vendor's PC management app. The reason this flaw is much more complex than the usual software or hardware bugs is that it's more than just a bug that can be fixed with an update.

Intel is aware of the vulnerability and issued a statement stating that they are "working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively". If an attacker could sneak software onto your computing device, that malware could use the vulnerabilities to read private data it shouldn't be able to see - like encryption keys, passwords, bank account numbers and other sensitive data.

The difference here is in the design philosophy used by chip makers which favored speed gains over security in certain situations and will require rethinking future chip designs.

Operating systems such as Android, Linux, Windows and OS X have already released security fixes that will stop the attack from the software side of things and it's likely they've already been installed on your devices.

Notícias recomendadas

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.