This week Intel found themselves on the wrong end of the controversy stick as a bug, flaw, or whatever you’d like to call it, appeared on Intel computers. What they suggest is that they are not the only company whose products are “susceptible to these exploits.” Intel made clear several times in a comment to the press that they were not the only hardware manufacturers that are part of this mess.
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed, said Intel. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
Much as we suggested earlier today, the problem isn’t something to get too bent out of shape about. For the everyday user, the problem isn’t much of a problem at all. They also suggest that the fix for the problem won’t be extremely significant. Intel wrote today that “any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
“Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively,” said Intel. “Intel has begun providing software and firmware updates to mitigate these exploits.”
Intel suggested in their note this afternoon that users should update their computers as soon as any updates are available. That goes for you – the reader of this article – no matter what kind of computer you’ve got. Update your OS, update your software, for your own safety. Or don’t, but don’t say I didn’t say you should’ve!
UPDATE with ARM Statement: ARM confirmed that Cortex-A processors are affected by this situation, but that others aren’t so much. “This method requires malware running locally and could result in data being accessed from privileged memory,” ARM said in a statement VIA Axios. “Our Cortex-M processors, which are pervasive in low-power, connected IoT devices, are not impacted.”
UPDATE with AMD Statement:
“To be clear, the security research team identified three variants [of this attack] targeting speculative execution,” said AMD in a statement today. “The threat and the response to the three different variants differ by microprocessor company, and AMD is not susceptible to all three variants.”
“Due to the differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time,” said AMD. “We expect the security research to be published later today and will provide further updates at that time.”
See more information about this situation in our article Key details of the huge x86 chip problem. We’ll be updating that post as more information is discovered and uncovered as such.
UPDATE 3: In a press call this afternoon, Intel suggested that the average user will see somewhere between a 0 and 2% processing speed decrease with the first fix. Basically non-existent and non-relevant – unless of course your processing power matters down to the single-digit, and it very well might.
UPDATE 4: Google seems to have been part of the research that discovered this flaw. They suggested today that they discovered the potential for the situation all the way back a year ago! Google also mentioned in their release that this information was originally set to be released on the 9th of January, 2017, in a coordinated fashion with other affected companies. Google has a list of affected products
See MeltdownAttack.com for more information (from the bug seekers themselves.)