Major security flaw found in Intel processors

Developers scramble to fix bug within Intel chips made in the last decade that will affect millions of computers running Windows, mac OS and Linux

A security flaw has been found in virtually all Intel processors that will require fixes within Windows, macOS and Linux, according to reports.

Developers are currently scrambling behind the scenes to fix the significant security hole within the Intel chips, with patches already available within some versions of Linux and some testing versions of Windows, although the fixes are expected to significantly slow down computers.

The specific details of the flaw, which appears to affect virtually all Intel processors made in the last decade and therefore millions of computers running virtually any operating system, have not been made public.


What can I do about the Meltdown and Spectre flaws?

Show Hide

Users can do little to avoid the security flaws apart from update their computers with the latest security fixes as soon as possible. Fixes for Linux and Windows are already available. Chromebooks updated to Chrome OS 63, which started rolling out in mid-December, are already protected.

Android devices running the latest security update, including Googles Nexus and Pixel smartphones, are already protected. Updates are expected to be delivered soon. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus.

An update from Apple on what is needed for its Mac computers and iOS devices is expected.

Thank you for your feedback.

But details of the fixes being developed point to issues involving the accessing of secure parts of a computers memory by regular programs. It is feared that the security flaw within the Intel processors could be used to access passwords, login details and other protected information on the computer.

Modern operating systems rely upon Intels chips to provide some essential security services but if a flaw has been found then the operating systems themselves will need to be updated to do the job that they believed Intels chips were doing properly, said independent security expert Graham Cluley.

The fixes involve moving the memory used by the core of the computers operating system, known as the kernel, away from that used by normal programs. In that way, normal programs, including anything from javascript from a website to computer games, cannot be manipulated to exploit the hole and gain access to the protected kernel memory.

But implementing the fix is expected to significantly affect the performance of the computer, making some actions up to around 30% slower.

The UKs National Cyber Security Centre (NCSC) said it was aware of the issue and that patches were being produced.

While normal computer users could see performance problems, the security flaw also affects cloud servers, with Amazon, Microsoft and Google all expected to have to fix the bug with similar performance-reducing patches.

The exact severity of the flaw has not yet been publicly disclosed, but the lengths being taken by the various operating system developers to fix something indicates that they view it as a serious problem that apparently cannot be patched with a small update.

The good news is that it sounds as if this flaw has been known about (but kept quiet) for a couple of months. The bad news is that users will once again have to install a security update, and businesses are likely to have to restart thousands of computers to apply the fixes, said Cluley.

More details are expected to be divulged as soon as the end of this week, along with fixes for operating systems.

Intel did not respond to request for comment.

Need something explained?

Pick a question: Well answer the one that generates the most interest shortly

Do the security flaws only affect Intel processors? Ask What should I do about it? Ask Will any fix permanently affect the speed of my computer? Ask

Thank you for participating

Well answer the one that generates the most interest shortly. How would you like to get notified when its ready?

Thank you for your interest

Were actively developing these notification features but they are not yet built. Were using your feedback to understand how you would like to be notified of the answers. Thanks again.

Read more:


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s