Intel is rising after saying it's fixed the 'Spectre' CPU flaw

Share

The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which can not be fully resolved as of yet.

There's no evidence that bad actors have yet exploited the bugs, but companies from Microsoft to Mozilla said this week they have worked to patch up vulnerabilities to their operating systems and browsers to protect against one of the bugs.

Fixes: Available for iPhones, iPads, Macs, and Apple TV.

Intel is up 22% over the a year ago. "As it is not easy to fix, it will haunt us for quite some time", the researchers said, explaining why they chose to call the flaw Spectre.

While the Meltdown and Spectre issues are unsafe, there are now patches available to help mitigate the risks of both flaws. The long-term solution may rely on a hardware redesign, he said, with software patches acting to monitor and stop malicious behavior.

"Right now it's kind of tricky to take advantage of it", Daly said. "They will improve on it".

Intel denied that the patches would bog down computers based on Intel chips. "Furthermore, software updates can fix most of the problems, leaving only a small remaining attack surface". There could be a potential performance hit for Intel users, but the company says it will be "highly workload dependent" and not noticeable by typical users. "Intel is committed to responsible disclosure".

Chamarty says removing the vulnerability requires a fundamental change in the way modern processors operate - a function called "speculative execution" - a change that could drastically reduce speeds.

The lead cloud provider, Amazon, also said on Thursday that it did not expect performance to be severely impacted. The update is now only automatically available for Windows 10 users, with Windows 7 and 8 getting the automated update on January 9.

"If you download the latest update from Microsoft, Apple, or Linux, then the problem is fixed for you and you don't have to worry", security researcher Rob Graham said in a blog post Thursday. Updates for iOS, macOS, tvOS, and watchOS that will further guard against Spectre will be released soon.

Cybersecurity researchers have uncovered security flaws in chips used by smartphones and computers that could be exploited by hackers to get your personal information. One of the stranger things about the media coverage of Specter and Meltdown has been its emphasis on the idea that these vulnerabilities are especially risky for cloud computing, in which multiple customers' data may be stored on the same servers.

Hardware fixes are, by nature, much slower and more hard (and more expensive!) than software fixes since they require all of us to go out and buy new computers rather than just downloading a patch-though convincing people to install updates is a challenge of its own.

The CPU flaws have been branded as Meltdown and Spectre and have widespread impact across different silicon, operating system, browser and cloud vendors. But AMD also told its customers that "total protection from all possible attacks remains an elusive goal" and encouraged them to regularly update their software.

But Intel said in a statement after US stock markets closed on Thursday that the performance impact of the recent security updates should not be significant and would be mitigated over time. Intel shares fell 1.8 percent, following a 3.4 percent decline Wednesday.

At present, it's not known if attackers have used either the Meltdown or Spectre vulnerability to exploit users.

Share