Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

intelIntel this afternoon addressed reports of a serious design flaw and security vulnerability in its CPUs, shedding additional light on the issue that was uncovered yesterday and has since received extensive media coverage.

In a statement on its website, Intel says that it planned to disclose the vulnerability next week when additional software patches were available, but was forced to make a statement today due to "inaccurate media reports."

According to Intel, the issue is not limited to Intel chips and the exploits in question do not have the potential to corrupt, modify, or delete data. Despite Intel's statement, Intel chips are more heavily impacted, and it's worth noting that Intel makes no mention of reading kernel level data.

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices -- with many different vendors' processors and operating systems -- are susceptible to these exploits.

Intel says it is working with several other technology companies including AMD, ARM, and operating system vendors to "develop an industry-wide approach" to resolve the problem "promptly and constructively."

As outlined yesterday, the design flaw appears to allow normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more. Fixing the issue involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level.

Despite reports suggesting software fixes for the vulnerability could cause slowdowns of 5 to 30 percent on some machines, Intel claims performance impacts are workload-dependent and will not be noticeable to the average computer user.

Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel goes on to say that it believes its products are "the most secure in the world" and that the current fixes in the works provide the "best possible security" for its customers. Intel recommends that users install operating system updates as soon as they are available.

For Mac users, Apple has already addressed the design flaw in macOS 10.13.2, which was released to the public on December 6.

Update: Security researchers have now shared details about two separate critical vulnerabilities impacting most Intel processors and some ARM processors. Called Meltdown and Spectre, the vulnerabilities offer hackers access to data from the memory of running apps, providing passwords, emails, documents, photos, and more.

"Almost every system" since 1995 is impacted according to ZDNet, including computers and smartphones. Meltdown can read the entire physical memory of the target machine, while Spectre is able to break the isolation between different apps. Meltdown, an easy-to-use exploit, affects only Intel chips and can be addressed by a security patch, which could result in some performance issues. Spectre impacts all processors, including those from ARM and AMD, and while it is harder to exploit, there is no known fix. Fully addressing Spectre will require a re-architecture of how processors are designed.

It's not known if hackers have exploited Meltdown and Spectre as of yet, but there are proof-of-concept examples out in the wild. Google's Project Zero team had a hand in unearthing the vulnerabilities and Google has also shared details on the exploits. Full research papers on Meltdown and Spectre are available here.

Update 2: ARM and AMD have both issued statements following Intel's press release. AMD says there is a "near zero risk" to AMD processors at this time, while ARM says its processors are vulnerable.

From AMD:

There is a lot of speculation today regarding a potential security issue related to modern microprocessors and speculative execution. As we typically do when a potential security issue is identified, AMD has been working across our ecosystem to evaluate and respond to the speculative execution attack identified by a security research team to ensure our users are protected.

To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.

From ARM:

I can confirm that ARM have been working together with Intel and AMD to address a side-channel analysis method which exploits speculative execution techniques used in certain high-end processors, including some of our Cortex-A processors. This method requires malware running locally and could result in data being accessed from privileged memory. Please note our Cortex-M processors, which are pervasive in low-power, connected IoT devices, are not impacted.

We are in the process of informing our silicon partners and encouraging them to implement the software mitigations developed if their chips are impacted.

Top Rated Comments

timeconsumer Avatar
41 months ago
I wonder how long Intel has known about this flaw.
Apparently the CEO sold a lot of his stock on Nov 29th and kept the bare minimum amount.

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx
Score: 26 Votes (Like | Disagree)
Apple_Robert Avatar
41 months ago
I wonder how long Intel has known about this flaw.
Score: 26 Votes (Like | Disagree)
velocityg4 Avatar
41 months ago
No... after this, I doubt Intel on security, and from what I gather, this stretches all the way back to the Pentium Pro.

Also, I don't care if it modifies, writes or deletes... the most improtant thing the bug allows reading
At least those running DOS 6 and Windows 3.1 on a 486 are safe.
Score: 24 Votes (Like | Disagree)
kevinthebright Avatar
41 months ago
Shading AMD is just another Intel cheap shot. That company has problems.
Score: 21 Votes (Like | Disagree)
jav6454 Avatar
41 months ago
No... after this, I doubt Intel on security, and from what I gather, this stretches all the way back to the Pentium Pro.

Also, I don't care if it modifies, writes or deletes... the most improtant thing the bug allows reading
Score: 18 Votes (Like | Disagree)
longofest Avatar
41 months ago
I wonder how long Intel has known about this flaw.
I actually kind of doubt they knew about it. While AMD is not affected, it does look like ARM chips are affected. This flaw has potentially been around since Pentium Pro. If Intel knew about it, they'd have quietly fixed it rather than letting it go. I think this is just a really, really good find by the researchers.
Score: 17 Votes (Like | Disagree)

Top Stories

microsoft edge ios android

Bill Gates Says His Preference for Android Over iPhone is Due to Pre-Installed Software

Friday February 26, 2021 3:35 am PST by
Microsoft co-founder Bill Gates this week participated in his first meeting on Clubhouse, the increasingly popular invite-only conversation app, where he fielded a range of questions as part of an ongoing book tour. Gates was interviewed by journalist Andrew Ross Sorkin, and given that the Clubhouse app is currently only available on iOS, naturally one of the questions that came up was...
Top Stories 47 Feature copy

Top Stories: MacBook Pro, iMac, and AirPods Rumors, macOS 11.2.2, MagSafe Wallet Revisited

Saturday February 27, 2021 6:00 am PST by
March is right around the corner, and that means our first good opportunity for Apple product launches in 2021 as the company frequently has significant launches in March or April each year. We're hearing rumors about MacBook Pro, iMac, AirPods, and more, although many of these will be coming out at different times over the course of the year. This week also saw a macOS update to address a ...
iphone 6 in hand

Apple Faces Another iPhone Lawsuit Over 'Programmed Obsolescence'

Monday March 1, 2021 6:44 am PST by
Apple faces a new class-action lawsuit that accuses it of deliberately releasing iOS updates that slowly reduce the performance of an iPhone, forcing customers to upgrade their devices. The lawsuit comes from the Portuguese Consumer Protection Agency, Deco Proteste (via Marketeer), which in a statement says that it will proceed with a case against the Cupertino tech giant because it...
maxresdefault

HomeKit Essentials Worth Checking Out

Saturday February 27, 2021 7:05 am PST by
HomeKit was slow to take off after its 2014 launch, but now that it's been around for seven years, there are hundreds of HomeKit products available, ranging from doorbells and speakers to TVs, lights, and cameras. In our latest YouTube video, we rounded up some of our favorite HomeKit products that we find most useful. Subscribe to the MacRumors YouTube channel for more videos. HomePod...
First Look Big Sur Feature2

Apple Releases macOS Big Sur 11.2.2 to Prevent MacBooks From Being Damaged by Third-Party Non-Compliant Docks

Thursday February 25, 2021 10:07 am PST by
Apple today released macOS Big Sur 11.2.2, the fourth update to the macOS Big Sur operating system that launched in November. macOS Big Sur 11.2.2 comes two weeks after the release of macOS Big Sur 11.2.1, a bug fix update. The new ‌‌‌‌macOS Big Sur‌‌‌ 11.2.2‌ update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences....
iphone 12 pro display video

iPhone 13 to Include 1TB Storage Option and LiDAR Across the Board, Says Wedbush Analyst

Monday March 1, 2021 4:00 am PST by
Apple's forthcoming iPhone 13 could include a 1TB storage option for some models and LiDAR Scanners across the entire lineup, according to a report from Wedbush analysts. In a new note to investors, seen by MacRumors, Wedbush analyst Daniel Ives said that initial Asian supply chain checks gave the firm "increased confidence" that Apple's 5G-driven product cycle would extend well into 2022,...
flat mbp 14 inch feature yellow

Redesigned 14-Inch MacBook Pro Expected to Feature Brighter Mini-LED Display With Slimmer Bezels and More

Thursday February 25, 2021 7:48 am PST by
Apple plans to unveil new 14-inch and 16-inch MacBook Pro models with Mini-LED-backlit displays in the second half of this year, according to industry sources cited by Taiwanese supply chain publication DigiTimes. The report claims that Radiant Opto-Electronics will be the exclusive supplier of the Mini-LED backlight units, while Quanta Computer is said to be tasked with final assembly of the...
mac mini developer transition kit photo feature

Apple Requiring Developers to Return DTK Mac Minis by March 31

Friday February 26, 2021 3:57 pm PST by
Apple today sent out emails to developers who are in possession of a Developer Transition Kit, asking them to return the machines by March 31. The Developer Transition Kits are Mac minis with A12Z chips that Apple provided for development purposes ahead of the release of the M1 Macs. Apple in the emails provided developers with shipping instructions, and plans to begin collecting the DTKs...
iphone 12 120hz thumbnail feature

Kuo: iPhone 13 Lineup to Feature Smaller Notch and Larger Batteries, 120Hz Display for Pro Models, and More

Monday March 1, 2021 7:50 am PST by
iPhone 13 models will all feature a smaller notch, while the two Pro models will be equipped with low-power LTPO display technology for a 120Hz refresh rate, analyst Ming-Chi Kuo said today in a research note obtained by MacRumors. Subscribe to the MacRumors YouTube channel for more videos. Several other sources have previously claimed that some iPhone 13 models will support a 120Hz refresh...
unc0ver version 6 release

Jailbreak Tool 'unc0ver' 6.0.0 Released With iOS 14.3 Compatibility

Sunday February 28, 2021 9:26 am PST by
The team behind the "unc0ver" jailbreaking tool for iOS has released version 6.0.0 of its software, which can allegedly be used to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability. The unc0ver website describes how the tool has been extensively tested across a range of iOS devices running various software versions, including an iPhone 12 Pro Max running iOS ...