Analysts suggest CPU security flaw won't create long-term economic hit for Intel

Both ARM and AMD have released updates to its vendors and manufacturers to mitigate the flaws, but users of affected Chinese smartphones will have to wait until the respective companies push out the updates to their devices.

Intel chief executive Brian Krzanich sold some US$39 million worth of stock and options in November, several months after Intel said it was notified by Google's security researchers of the security flaws affecting the company's chips.

While speculation about Meltdown was present before the official disclosure, there were few public indications about the Spectre issues, which are potentially significantly more troublesome. The flaw is in how memory isolation works on Intel CPUs, despite the use of mechanisms such as Address Space Layout Randomization (ASLR), which is widely used in all modern operating systems. It is also known as CVE-2017-5754 or "rogue data cache load", but has earned the nickname Meltdown because it melts the boundaries which hardware normally enforces. It's called Spectre after the process it abuses, speculative execution. One of the stranger things about the media coverage of Specter and Meltdown has been its emphasis on the idea that these vulnerabilities are especially risky for cloud computing, in which multiple customers' data may be stored on the same servers.

Intel Corp INTC.O said fixes for security issues in its microchips would not slow down computers, rebuffing concerns that the flaws found in microprocessors would significantly reduce performance.

The Spectre flaw contains two different exploitation techniques called CVE-2017-5753 or "bounds check bypass", and CVE-2017-5715 or "branch target injection", according to Apple.

WE'RE NOT EVEN a week into 2018 and already the New Year has thrown a massive spanner in the works for anyone hoping to have a year free of a large-scale security threat.

Google is also working to provide new protections in its Chrome browser to help protect against Meltdown and Spectre.

Fixes: Released for Android, Google Cloud, and pending for Chrome.

While the Meltdown and Spectre issues are risky, there are now patches available to help mitigate the risks of both flaws.

Consumers can mitigate the underlying vulnerability by making sure they patch up their operating systems with the latest software upgrades. If you don't have automatic updates turned on, go to Windows Settings to manually update. These services, offered by Amazon, Microsoft, Google, IBM and others, give smaller companies access to data centres, web hosting and other services they need to run their businesses.

The upstream Linux kernel has already patched for the issues as well, and multiple Linux distributions including Red Hat, SUSE and Ubuntu have provided updates to their users. He warned that this should protect users for now, but the fact that malicious actors will continue to find ways to exploit the Meltdown and Spectre flaws "make it clear that CPU architecture decisions need to be rethought".

Torvalds isn't the only one who believes something more than software patches is needed to fully resolve Meltdown and Spectre. "Fully removing the vulnerability requires replacing vulnerable CPU hardware".

Related news