Critical flaws put nearly all devices at risk

Adjust Comment Print

Meltdown and Spectre were identified by researchers at Google's Project Zero security team earlier this week, and could allow hackers access to all files within an affected device.

The underlying flaw in all microprocessors, dubbed Spectre, also leaves machines running on ARM and AMD architecture vulnerable.

According to one of the report's authors Dr Yuval Yarom, researcher at the University of Adelaide and Data61, the exploits could allow computer programs to access data they should not be allowed to see. " This protected kernel memory includes access to passwords, encrypted information and other crucial data, and Meltdown exploit can be used to access this, putting the user at risk".

This bug affects Desktops, Laptops and even the servers from top-level vendors including Microsoft Azure and Amazon Cloud services.

But the potential for a broad attack was far larger than most security weaknesses hardware makers spot.

Will the patch for Meltdown and Spectre slowdown my device?

Android devices with the latest security update from January 2018 are protected from the vulnerabilities, Google wrote in a blog post. However, the three plaintiffs allege that these patches of the security issues on their systems will slow down their system performance.

Unfortunately, the Microsoft fix may result in some performance dips.

"We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers", said Microsoft in a statement.

Apple has already rolled out patches for iOS, macOS and tvOS to address the Meltdown vulnerability.

Despite the patching, the security researchers say the Spectre security flaw, although harder to exploit, is also more difficult to fully patch.

Windows, Linux and Apple devices across the world will have to be updated with downloadable software patches. Intel in response said that " any performance impacts are workload-dependent, and for the average computer user, should not be significant and will be mitigated over time".

The security flaw affects Intel, AMD, and ARM processors. It should be noted that the second exploit Spectre impacts almost all processors on all devices, including those from Intel, AMD, those with ARM architecture, which is most smartphones.

In a post on its newsroom area, Intel said that these exploits can't corrupt, modify or delete data. That feature anticipates what information might be needed next - such as a password to a website - and makes it available in a "secure area" of the chip, speeding computing, Intel staff said on a conference call with reporters and analysts Wednesday afternoon.