Apple, researchers eye patches to solve Intel chip flaws

Sunday, 07 Jan, 2018

AMD chips are also affected by at least one security flaw.

Speaking on CNBC, Intel's Krzanich said Google researchers told Intel of the flaws "a while ago" and that Intel had been testing fixes that device-makers who use its chips will push out next week.

In a post on the company's website Wednesday, AMD said that one variant of the Spectre vulnerability was resolved by software and operating system updates.

" While the company insists the average user will not be significantly impacted in terms of performance after the fix is issued, reports indicate a different story".

Intel also says the exploits are due to "speculative execution techniques" which are present in almost all modern processors.

"Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary", the 16-page research paper on Spectre stated.

Spectre is a more severe matter and has no easy fix because it relates to the physical design of processors that can not be easily patched with software.

On the change in recommendation from CERT, Gruss said, however, that there were no replacements yet that could address the flaws in processors that he and other researchers have found. "As it is not easy to fix, it will haunt us for quite some time".

So what does one of the biggest security vendors have to say? The New York Times called Meltdown "a particular problem for the cloud computing services run by the likes of Amazon, Google and Microsoft" while The Verge said, "The CPU catastrophe will hit hardest in the cloud", but in fact cloud services have done more to protect themselves against the newfound flaws than most of the rest of us. There is an optional feature now in Chrome called "Site Isolation" that can help to protect users.

While the Meltdown and Spectre issues are risky, there are now patches available to help mitigate the risks of both flaws. Google and Amazon are also updating their cloud services. Microsoft also released a patch and security advisory for Windows, but noted that there is an issue with some "incompatible anti-virus applications" that could leave devices unable to boot and has not pushed the patch to systems with known AV issues.

The company already released updates for Windows 10, Windows 8.1, and Windows 7 operating systems.

While the problem was initially identified in computers based on Intel processors, Google has since pointed out the same security issue can be found in other devices. But now, even major competitors are being forced to tackle this issue together to avoid a potential computing apocalypse.

For those wondering if they are affected by this seemingly abstract problem, the answer is simple: yes, you are likely at risk since Microsoft, Google, Mozilla, Apple, Linux, Firefox, and more appear to be affected by both flaws.

Consumers can mitigate the underlying vulnerability by making sure they patch up their operating systems with the latest software upgrades. CERT also sees the root cause as being hardware-related, with software only providing mitigations.

The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which can not be fully resolved as of yet.