The leading chipmakers Intel, AMD and ARM are facing a vulnerability that afflicts ‘modern computing devices’ and can grant hackers access to sensitive data.
Security researchers have found this vulnerability in chips built by Intel, AMD (Advanced Micro Devices) and ARM Holdings. One of the bugs which is rooted in Intel processors that purportedly allows miscreants to access device kernel memory data, a potential threat that once exploited can easily disclose passwords and other important credentials. As per reports, the Intel processors with the ‘x-86-64 hardware’ have a security flaw that makes a vast number of computers susceptible to hacking.
The vulnerability first disclosed by the Register noted that the bug could allow cyber-criminals to steal information stored in the kernel memory of ‘computer chips’ on a computer, servers in data centres and even those devices running cloud computing services.
Alphabet’s Google Zero Team in collaboration with academic and industry researchers from different countries have uprooted two security flaws, Reuters point out. One such issue called Meltdown that impacts Intel chips and allows hackers to access data from the memory on users device and steal passwords, sensitive information ‘open in applications’. The second bug named Spectre meanwhile affects chips made by Intel, ARM and AMD and lets hackers to trick ‘error-free applications’ to shell out sensitive information.
Intel is aware of the vulnerability and issued a statement stating that they are “working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits.”
The Register reports that “Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system.” Microsoft could likely issue ‘necessary changes’ to its Windows OS in the upcoming patch on Tuesday, the report says
Further, Reuters quoting researchers said that Apple and Microsoft are keeping patches ready for personal devices (computers) affected by Meltdown vulnerability.
While the patches could minimise the effect to an extent, the Registers and few users suggested that this could result in the operating system’s performance slowdown. Intel in response said that”any performance impacts are workload-dependent, and for the average computer user, should not be significant and will be mitigated over time.”
Microsoft has also acknowledged the issue and told CNBC (via email), “We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, Arm, and AMD.”
Google meanwhile updating its public cloud service to obviate the Spectre and Meltdown vulnerability told the publication, “We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts.”