Google’s Project Zero, in collaboration with academic and industry researchers discovered the two flaws – Meltdown and Spectre. Here's how they work and how you can save yourselves from being affected.
Security researchers have disclosed information about a set of security flaws that could let hackers steal sensitive information from almost every device running on an Intel chip, AMD chip or ARM architecture. The security flaw called Meltdown is specific to Intel chips whereas the other, Spectre, affects laptops, desktops, smartphones, tablets along with internet servers running on Intel or AMD or ARM architecture. Users will be required to download a patch to protect themselves from this flaw. If you haven’t, you should enable automatic updates and/or regularly check for updates on your smartphone, tablet and computer.
In an interview with CNBC, Intel CEO Brian Krzanich said, “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.” In the interview, Krzanich goes on to say, that Google researchers informed Intel about the flaws “a while ago”. Intel has been testing fixes that device makers who use the Intel chip can push for their devices in the coming weeks.
According to Reuters, “The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information”.
It is reported that the updates which will fix the problem could result in Intel chips operating 5 to 30 percent slower.
According to Reuters, “Google said it informed the affected companies about the “Spectre” flaw on June 1, 2017 and reported the “Meltdown” flaw after the first flaw but before July 28, 2017.”
AMD on the other hand says that the security flaw “is near zero risk to AMD products at this time.”
Is there a fix?
Apple and Microsoft, both have patches ready for computers running their respective operating systems. Researchers are calling this flaw, “probably one of the worst CPU bugs ever found.”
Meltdown, the security flaw affecting Intel devices is a serious problem in the short term. It can however be fixed via a software update. Spectre on the other hand is the broader bug affecting a larger portfolio of devices. It is harder for hackers to exploit Spectre but it is less easily patched too.
Google has said in a blog post that Android smartphones running the latest security updates are protected from the security flaw. Google adds that Gmail users do not need to take any additional action to protect themselves. However, Chromebook users, Chrome web browser and Google Cloud services will need to install updates.
Amazon Web Services have said that most of its internet servers were patched. The remaining servers are in the process of being patched.
Intel has also issued a statement on the security flaw. The statement reads, “Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data. Recent reports suggest that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits. Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."
Follow Us
Digit NewsDesk
Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile
