Google discovers 'serious' flaws in Intel and other chips

  • Google discovers 'serious' flaws in Intel and other chips

Google discovers 'serious' flaws in Intel and other chips

News of the major security flaw in Intel processors broke two days ago, and since then we've learned that Apple has already patched its Intel based Macs with a previous update.

Both the chipmaker and Google, which informed Intel about the vulnerability in June, said they were planning to disclose the issue next week when fixes will be available. ARM has released patches for several of its chips affected by Spectre, and AMD says there is "near zero risk" to its products at the moment. While more lawsuits are expected, Intel's biggest customers are likely to quietly seek compensation for any harm caused by the vulnerabilities, including costs to patch machines or replace microprocessors, Johnson said. So all devices from computers to smartphones to tablets are impacted by the flaws.

For now, there's only one thing you can do: Update your devices and browser software when the updates are made available. It said that there were no known instances of hackers taking advantage of the flaw to date.

Hardware fixes are, by nature, much slower and more hard (and more expensive!) than software fixes. Gruss adds that it is not easy to detect whether the flaw has been exploited by any attacker since it does not leave any trace in the log files.

The vulnerabilities could allow a hacker to steal your passwords and other sensitive information.

In a statement Thursday, Arm said that the majority of its processors are not affected by Spectre or Meltdown but confirmed that it has been working with Intel, AMD and other partners to develop defenses against the vulnerabilities. Updates for iOS, macOS, tvOS, and watchOS that will further guard against Spectre will be released soon.

There's no complete software patch for Spectre right now, said Michael Daly, chief technology officer of cybersecurity and special missions at Raytheon, a defense company. This general goal technique is already live on the "entire fleet of Google Linux production servers that support all of our products, including Search, Gmail, YouTube, and Google Cloud Platform". Although Linux does have mitigations in place, Linux creator Linus Torvalds is among those who aren't entirely convinced that software will fix all the issues. People with Google-supported Android phones including Nexus and Pixel devices will get that update, but others will have to wait for security updates from their manufacturers.

An unfortunate downside of the software updates is that they might slow your computers and smartphones.

Fixes: Released on Windows, servers, cloud, and Edge and Internet Explorer browsers.

Although Microsoft hasn't yet commented on what performance slowdowns it expects, its Azure service will also be closely watched to see if there are any impacts to processor performance.

To update your Windows 10 system, go to Settings Update & Security Windows Update Check for updates.

However, you need to make sure your antivirus provider is compatible with the update.

In a technical blog post published on Thursday, Google says the software it built to fix the issue - it calls it KPTI - causes "negligible impact on performance".

PCs also require additional hardware protection, so companies will be issuing firmware updates.

Kevin Beaumont, security architect based in the United Kingdom, has been gathering information on such AV compatibility issues.