The security researchers recently discovered two critical security vulnerabilities in Intel, AMD and ARM chipsets. Nearly all computers and smartphones have been exposed to the critical security flaws which could be used by attackers to steal sensitive data. Google’s Project Zero security team recently discovered the bug in processors from Intel, while it has been already confirmed that the bug also exists in AMD and ARM chipsets.
Meltdown and Spectre security vulnerabilities – What are the bugs?
Meltdown is a security flaw in the hardware design of the chipsets that affects computers with Intel processor. This bug affects Desktops, Laptops and even the servers from top-level vendors including Microsoft Azure and Amazon Cloud services.
Spectre is a security flaw that affects select smartphones and mobile computing devices with Intel, ARM and AMD chipsets.
This is a hardware-level bug that could allow attackers to access sensitive data stored in the kernel memory. To fix the bug, Microsoft and other OS vendors need to redesign their kernels, this requires an OS-level overwrite of the kernel.
Am I affected?
Probably, yes. But you should not panic as we are not aware of any exploits. It’s worth noting that the bugs are discoverable. However, Microsoft, Apple, Amazon and Google have already addressed the security bug with the latest cumulative updates for their respective platforms.
What is Intel saying?
Intel issued a press statement on Wednesday revealing that the security flaw is not only affecting the Intel CPUs. Intel has also confirmed that the exploits don’t have the potential to “corrupt, modify or delete data” on your device.
“Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits,“ Intel said in a press release.
Intel is closely working with the rivals AMD and ARM to fix the critical security loophole as soon as possible. Furthermore, Intel has already provided the vendors and developers with software and firmware updates. As we noted above — Microsoft, Apple, Amazon and Google have already patched their devices and servers.
AMD says it’s mostly not affected by this problem
While the revealations claimed that the security bug is affecting the devices with processors from AMD as well. The company, however, confirmed that it’s not affected by this problem. In a statement to CNBC, AMD explained the difference in architecture between Intel and AMD chipset puts AMD at “zero risks”.
“Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time,” an AMD spokesperson said.
How to fix Meltdown and Spectre security vulnerabilities
Make sure your device is up-to-date and officially supported. Since Intel provided the vendors with new software, OS vendors have had time to try to fix Meltdown and Spectre security vulnerabilities.
Microsoft, Apple and Google have addressed the critical security bug with the December or January Update.
Microsoft yesterday released an emergency update for Windows operating system to address the vulnerabilities. The latest cumulative update for Windows 10, Windows 8.1 and Windows 7 includes a fix for the vulnerability in some chipsets.
Google has already addressed the bug in Android phones with the January 5 security update for the operating system. For now, the Pixel and Nexus users are only protected.
Apple already patched the nasty security flaw in its Mac platform last month with the macOS High Sierra 10.13.2 release. Apple says that the bug has been partially fixed and it will be completely addressed with the macOS 10.13.3 software update.
Will the patch for Meltdown and Spectre slowdown my device?
While in theory, it appears that the performance of PCs might take a hit, the impact for average computer users wouldn’t be significant. The platforms such as Microsoft’s Azure and Amazon EC2 will be mostly affected.
The earlier reports claimed that the impact on the performance of devices will range from 5% to 30%, though the truth is that the regular people won’t be affected as much as it appears.
Any more details?
Since the exact bug is under heavy embargo due to its nature, no other details are available. The full public details are scheduled to be released on January 9. We’ll update the article once more information is available.