Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

intelIntel this afternoon addressed reports of a serious design flaw and security vulnerability in its CPUs, shedding additional light on the issue that was uncovered yesterday and has since received extensive media coverage.

In a statement on its website, Intel says that it planned to disclose the vulnerability next week when additional software patches were available, but was forced to make a statement today due to "inaccurate media reports."

According to Intel, the issue is not limited to Intel chips and the exploits in question do not have the potential to corrupt, modify, or delete data. Despite Intel's statement, Intel chips are more heavily impacted, and it's worth noting that Intel makes no mention of reading kernel level data.

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices -- with many different vendors' processors and operating systems -- are susceptible to these exploits.

Intel says it is working with several other technology companies including AMD, ARM, and operating system vendors to "develop an industry-wide approach" to resolve the problem "promptly and constructively."

As outlined yesterday, the design flaw appears to allow normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more. Fixing the issue involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level.

Despite reports suggesting software fixes for the vulnerability could cause slowdowns of 5 to 30 percent on some machines, Intel claims performance impacts are workload-dependent and will not be noticeable to the average computer user.

Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel goes on to say that it believes its products are "the most secure in the world" and that the current fixes in the works provide the "best possible security" for its customers. Intel recommends that users install operating system updates as soon as they are available.

For Mac users, Apple has already addressed the design flaw in macOS 10.13.2, which was released to the public on December 6.

Update: Security researchers have now shared details about two separate critical vulnerabilities impacting most Intel processors and some ARM processors. Called Meltdown and Spectre, the vulnerabilities offer hackers access to data from the memory of running apps, providing passwords, emails, documents, photos, and more.

"Almost every system" since 1995 is impacted according to ZDNet, including computers and smartphones. Meltdown can read the entire physical memory of the target machine, while Spectre is able to break the isolation between different apps. Meltdown, an easy-to-use exploit, affects only Intel chips and can be addressed by a security patch, which could result in some performance issues. Spectre impacts all processors, including those from ARM and AMD, and while it is harder to exploit, there is no known fix. Fully addressing Spectre will require a re-architecture of how processors are designed.

It's not known if hackers have exploited Meltdown and Spectre as of yet, but there are proof-of-concept examples out in the wild. Google's Project Zero team had a hand in unearthing the vulnerabilities and Google has also shared details on the exploits. Full research papers on Meltdown and Spectre are available here.

Update 2: ARM and AMD have both issued statements following Intel's press release. AMD says there is a "near zero risk" to AMD processors at this time, while ARM says its processors are vulnerable.

From AMD:

There is a lot of speculation today regarding a potential security issue related to modern microprocessors and speculative execution. As we typically do when a potential security issue is identified, AMD has been working across our ecosystem to evaluate and respond to the speculative execution attack identified by a security research team to ensure our users are protected.

To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.

From ARM:

I can confirm that ARM have been working together with Intel and AMD to address a side-channel analysis method which exploits speculative execution techniques used in certain high-end processors, including some of our Cortex-A processors. This method requires malware running locally and could result in data being accessed from privileged memory. Please note our Cortex-M processors, which are pervasive in low-power, connected IoT devices, are not impacted.

We are in the process of informing our silicon partners and encouraging them to implement the software mitigations developed if their chips are impacted.

Top Rated Comments

timeconsumer Avatar
51 months ago
I wonder how long Intel has known about this flaw.
Apparently the CEO sold a lot of his stock on Nov 29th and kept the bare minimum amount.

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx
Score: 26 Votes (Like | Disagree)
Apple_Robert Avatar
51 months ago
I wonder how long Intel has known about this flaw.
Score: 26 Votes (Like | Disagree)
velocityg4 Avatar
51 months ago
No... after this, I doubt Intel on security, and from what I gather, this stretches all the way back to the Pentium Pro.

Also, I don't care if it modifies, writes or deletes... the most improtant thing the bug allows reading
At least those running DOS 6 and Windows 3.1 on a 486 are safe.
Score: 24 Votes (Like | Disagree)
kevinthebright Avatar
51 months ago
Shading AMD is just another Intel cheap shot. That company has problems.
Score: 21 Votes (Like | Disagree)
jav6454 Avatar
51 months ago
No... after this, I doubt Intel on security, and from what I gather, this stretches all the way back to the Pentium Pro.

Also, I don't care if it modifies, writes or deletes... the most improtant thing the bug allows reading
Score: 18 Votes (Like | Disagree)
longofest Avatar
51 months ago
I wonder how long Intel has known about this flaw.
I actually kind of doubt they knew about it. While AMD is not affected, it does look like ARM chips are affected. This flaw has potentially been around since Pentium Pro. If Intel knew about it, they'd have quietly fixed it rather than letting it go. I think this is just a really, really good find by the researchers.
Score: 17 Votes (Like | Disagree)

Popular Stories

1x 1

Apple CEO Tim Cook 'Secretly' Signed $275 Billion Deal With China in 2016

Tuesday December 7, 2021 6:49 am PST by
Apple CEO Tim Cook "secretly" signed an agreement worth more than $275 billion with Chinese officials, promising that Apple would help to develop China's economy and technological capabilities, The Information reports. In an extensive paywalled report based on interviews and purported internal Apple documents, The Information revealed that Tim Cook personally forged a five-year agreement...
macbook pro 13 inch banner

Apple Planning Five New Macs for 2022, Including Entry-Level MacBook Pro Refresh

Sunday December 5, 2021 7:55 am PST by
Apple is working on five new Macs for launch in 2022, including a new version of the entry-level MacBook Pro, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman said that he expects Apple to launch five new Macs in 2022, including: A high-end iMac with Apple silicon to sit above the 24-inch iMac in the lineup A significant MacBook Air...
apple watch series 7 aluminum colors

2022 Apple Watch Lineup Rumored to Include New Apple Watch SE and 'Rugged' Model for Sports

Sunday December 5, 2021 8:22 am PST by
Apple is planning an entire revamp of its Apple Watch lineup for 2022, including an update to the Apple Watch SE and a new Apple Watch with a rugged design aimed at sports athletes, according to respected Bloomberg journalist Mark Gurman. Writing in the latest installment of his Power On newsletter, Gurman said that for 2022, alongside the Apple Watch Series 8, Apple is planning an update to ...
apple parts and service history

iOS 15.2 Adds 'Parts and Service History' Feature to iPhone

Tuesday December 7, 2021 9:12 pm PST by
With the launch of iOS 15.2, Apple is adding a new "Parts and Service History" section to the Settings app that will let users see the service history of their iPhones and confirm that components used for repairs are genuine. As outlined in a new support document, iPhone users who have iOS 15.2 or later installed can go to Settings > General > About to access Parts and Service History. The...
IMG 1840

Apple Music Voice Plan Coming in iOS 15.2

Tuesday December 7, 2021 10:25 am PST by
Apple today provided the release candidate version of iOS 15.2 to developers for testing purposes, and in the release notes, Apple says that the new Apple Music Voice Plan is set to launch alongside the update. Introduced in October, the Voice Plan is a new tier for Apple Music that is priced more affordably than a standard Apple Music plan. It's $4.99 instead of $9.99, and is designed...
macbook pro 3

macOS Monterey 12.1 Fixes Major Tap to Click, YouTube HDR, and Charging Bugs

Tuesday December 7, 2021 10:48 am PST by
macOS Monterey 12.1, which is set to be released to the public in the near future, addresses several significant bugs that Mac users have been complaining about for weeks. According to Apple's release notes, it fixes a bug that could cause the trackpad to become unresponsive to taps or clicks. We reported on the Tap to Click bug earlier this month after receiving dozens of complaints from Mac...
2021 MBP SD Card Error Feature

Some SD Cards Not Working Properly With 2021 14 and 16-Inch MacBook Pros

Monday December 6, 2021 2:02 pm PST by
The SD card reader slot on the new 14 and 16-inch MacBook Pro models is not functioning as expected with some SD cards, according to multiple reports on the MacRumors forums. In a long complaint thread, MacRumors readers have detailed the issues that they're having with some SD cards, and there seems to be little consistency between reports and affected SD cards. Some SD cards crash and...
airpods pro blue holiday 3

Deals: AirPods Pro With MagSafe Available for $169.99 and Christmas Delivery on Amazon ($79 Off) [Update: Expired]

Monday December 6, 2021 6:03 am PST by
Amazon today has Apple's AirPods Pro with MagSafe Charging Case for $169.99 and delivery before Christmas Day, down from an original price of $249.00. This is $10 off from the rock bottom $159.99 price tag we tracked on Black Friday and Cyber Monday, and still a great deal for anyone shopping this holiday season. Note: MacRumors is an affiliate partner with Amazon. When you click a link and...
razer chroma fan 1

Razer Launches MagSafe-Compatible Cooling Fan for iPhones

Tuesday December 7, 2021 9:37 am PST by
Razer today announced the launch of the Razer Phone Cooler Chroma, a MagSafe-compatible fan that's designed to attach to the back of an iPhone. While there's a MagSafe version for the iPhone 12 and 13 models, there's also a second version with a clamp design that's meant for Android phones and that would also work with non-MagSafe iPhones. Razer says that the Phone Cooler Chroma has a...