Intel CPU Processor Design Flaw May Cause Up to 30% Performance Drop

Adjust Comment Print

The leading chipmakers Intel, AMD and ARM are facing a vulnerability that afflicts "modern computing devices" and can grant hackers access to sensitive data.

Apple will release a patch for the Safari web browser on its iPhones, iPads and Mac within days, it announced yesterday.

Unauthorized access will be hard to detect so cloud-computing providers need to act quickly to protect against these vulnerabilities, said Ryan Kalember, senior vice president of cybersecurity at Proofpoint.

Researchers from Google have unearthed a security lapse incorporated in a feature of Intel processors. "By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years", the chipmaker said.

Security researchers revealed the existence of Meltdown and Spectre on Wednesday. Dedicated hackers - perhaps state-sponsored - are free to work full-time to look for holes in security they can exploit.

The flaws, which affect every device that runs on a chip processor, may allow hackers to steal the entirety of your devices' memory - and they've launched the big dogs (Amazon, Apple, Google, Microsoft) into software update panic mode. He points to the potential for the bugs to be triggered through website code, mentioned in the paper released by the researchers, as one cause for concern.

More news: House OKs Surveillance Renewal, Rejects Warrant Amendment
More news: Disagreement Over Paris Deal Re-emerges During US-Norway Talk
More news: Israel to approve 1200 settlement homes in West Bank

In this case, an emergency update of the OS version may reduce the performance of devices up to 30%. The company in its presentation also says the exploits do not impact just "one architecture or processor implementation".

It is hard to tell whether hackers have carrier out attacks through these exploits as neither Spectre nor Meltdown leaves any trace in log files.

Microsoft, Apple and Google have addressed the critical security bug with the December or January Update. ARM has claimed that a majority of its processors have not been affected by Spectre or Meltdown. "Based on the analysis to date, many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits", it said.

What's not quite so clear is the price you'll pay when those updates are installed. Most devices, especially older models and budget smartphones are not on the latest security update.

Nearly all the devices that are "affected" or are "vulnerable" to the flaws, so all are open to attack.

Windows 10 users have already received the update KB4056892 earlier this month, while Windows 7 and Windows 8 users will be getting the update next Tuesday. For Firefox, mitigations for Meltdown and Spectre are available with Firefox 57.0.4 update and these will be available with Chrome 64.