Recently, a set of security flaws were disclosed. According to the report, those flaws can let hackers steal sensitive information from almost every device that contains a chip from Intel, Advanced Micro Devices, and ARM. Phones, PCs, everything is going to have some impact, but it’ll vary from product to product. The two flaws were discovered by researchers with Alphabet’s Google Project Zero. Many academic and industry researchers were also involved in the discovery.
The first bug is called Meltdown. It affects intel chips and allows hackers to bypass the hardware barrier. The second bug is called Spectre. It allows hackers to trick an error-free application to give up secret information.
The researchers said that Apple and Microsoft have already created patches for their user’s desktop computers which were affected by Meltdown. Microsoft did not comment on the matter and Apple also didn’t return the request for comment on the matter. Daniel Gruss, a researcher at the Graz University of Technology, who was involved in discovering Meltdown said that «probably one of the worst CPU bugs ever found». Gruss said that the Meltdown was a more serious problem in the short term but it can be stopped with software patches.
Spectre, on the other hand, is a broader bug and is applied to nearly all computing devices. It is harder for hackers to take advantage of it. It cannot be patched easily and therefore will be a bigger problem in the future. Google said that the affected companies were informed about the ‘Spectre’ flaw on June 1, 2017.
It also reported about the Meltdown flaw later on before July 28, 2017. The Register, a tech publication, was the first to report the flaws. It also reported that the update to fix the problems can make the Intel chips 5 to 30 percent slow. However, Intel denied that the fix will slow down the computers.
ARM spokesman, Phil Hughes told that the patches have already been shared with the partner companies. The company told that there is near zero risks to AMD products at this time. Users who have Chromebooks, Chrome web browser and Google cloud services also need to install the latest updates. Gmail users are however safe and do not need to take any action.
This will compromise individual computers and even the entire network server. Dan Guido, the chief of cybersecurity consulting firm Trail of Bits, said that the businesses should move to update vulnerable systems as soon as possible. He said that hackers will quickly develop a code that can be used to launch attacks that exploits the vulnerabilities. Guido said, Exploits for these bugs will be added to hacker’s standard toolkits.
Since the report came, the shares in Intel have fallen down by 3.4%. But they went back up 1.2% to $44.70. The shares in AMD were up by 1% to $11.77. Hans Mosesmann of Rosenblatt Securities in New York said, The current Intel problem, if true, would likely not require CPU replacement in our opinion.