By Douglas Busvine and Stephen Nellis
FRANKFURT/SAN FRANCISCO (Reuters)
Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp <INTC.O>, Advanced Micro Devices Inc <AMD.O> and ARM Holdings
One of the bugs is specific to Intel but the other affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.
Researchers with Alphabet Inc‘s <GOOGL.O> Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.
The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.
The researchers said Apple Inc <AAPL.O> and Microsoft Corp <MSFT.O> had patches ready for users for desktop computers affected by Meltdown. Microsoft and Apple did not immediately return requests for comment.
Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it “probably one of the worst CPU bugs ever found” in an interview with Reuters
Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said.
Earlier in the day, Intel had acknowledged a report that a design flaw in its chips could let hackers steal data from computing devices but said that it was working on a solution that would not significantly slow computers.
YouTube (Hardware Unboxed):
On Tuesday, tech publication The Register reported the flaw in Intel microprocessors required updates to computer operating systems, adding that the fix causes the chips to operate more slowly.
Intel said the problem was broader than its chips alone and that it was working with Advanced Micro Devices Inc <AMD.O>, ARM Holdings and others to fix the problem.
Intel also denied that the patches would bog down computers based on Intel chips
“Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement. “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
ARM spokesman Phil Hughes confirmed that ARM was working with AMD and Intel to fix a security hole found by researchers but said it was “not an architectural flaw” and that patches had already been shared with the companies’ partners, which include most smartphone manufacturers.
Keep reading …