Intel is rapidly issuing software patches and firmware updates to immune the systems from a major processor security flaw.
The recent discovery of a security flaw in Intel processor chips by researchers at Google Project Zero took the internet by storm. The CPU bugs Meltdown and Spectre are known to affect every computing device, especially all with Intel’s processors manufactured since 1995. However, immediately a day after the issue was made public, Intel started issuing updates to safeguard all Intel-based computer systems from the exploits. The Meltdown and Spectre issues became public just a week before the company’s CES keynote. Hence, the focus of the Intel chief today was more on defending their products rather than talking about the future of Intel chips in the new emerging markets.
The chipmaker said that it has already issued updates for most of the products introduced in past five years, and by end of next week, more than 90 percent of processor products will receive the updates. No announcements were made on issuing the patches for processors older than five years. At CES today, Intel’s CEO Brian Krzanich also promised that the remaining 10 percent will get updates by end of the month.
What Are Meltdown and Spectre?
Meltdown and Spectre are CPU bugs that enables a user process to read kernel memory and trick the applications to access secret information, leaving all modern computing machines such as desktop computers, mobile phones or servers vulnerable to data theft. Intel however isn’t alone as the issue affects all processors from ARM, Qualcomm as well as AMD.
The bugs are a result of development factor designed to increase the speed of the processors. The issue was discovered in June last year and Google already informed about the bugs in the following months. The details of the issue were already planned to be released on 9th January, but early reports forced the companies to announce sooner.
The solution from Intel and its partners involves separating the kernel memory from the ordinary processes, which will have a dramatic impact on the operating speed of the chip. However, Krzanich also mentioned that the fix will have performance impact depending on the workload. “We believe the performance impact of these updates is highly workload-dependent,” he said. “As a result, we expect some workloads may have a larger impact than others. As of now, we have not received any information that these exploits have been used to retrieve customer data.” It is expected that virtualization systems like Amazon EC2 or Google Compute Engine will have the biggest impact.
"As of now, we have not received any information that these exploits have been used to obtain customer data."
He also said that there have been no known cases of exploiting the security flaw. “As of now, we have not received any information that these exploits have been used to obtain customer data," he said. “We’re working tirelessly on these issues to ensure it stays that way.”
The company has also encouraged computer users globally to make use of automatic update features available in their operating systems or other computer software, to ensure that their systems are up-to-date.