Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

intelIntel this afternoon addressed reports of a serious design flaw and security vulnerability in its CPUs, shedding additional light on the issue that was uncovered yesterday and has since received extensive media coverage.

In a statement on its website, Intel says that it planned to disclose the vulnerability next week when additional software patches were available, but was forced to make a statement today due to "inaccurate media reports."

According to Intel, the issue is not limited to Intel chips and the exploits in question do not have the potential to corrupt, modify, or delete data. Despite Intel's statement, Intel chips are more heavily impacted, and it's worth noting that Intel makes no mention of reading kernel level data.

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices -- with many different vendors' processors and operating systems -- are susceptible to these exploits.

Intel says it is working with several other technology companies including AMD, ARM, and operating system vendors to "develop an industry-wide approach" to resolve the problem "promptly and constructively."

As outlined yesterday, the design flaw appears to allow normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more. Fixing the issue involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level.

Despite reports suggesting software fixes for the vulnerability could cause slowdowns of 5 to 30 percent on some machines, Intel claims performance impacts are workload-dependent and will not be noticeable to the average computer user.

Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel goes on to say that it believes its products are "the most secure in the world" and that the current fixes in the works provide the "best possible security" for its customers. Intel recommends that users install operating system updates as soon as they are available.

For Mac users, Apple has already addressed the design flaw in macOS 10.13.2, which was released to the public on December 6.

Update: Security researchers have now shared details about two separate critical vulnerabilities impacting most Intel processors and some ARM processors. Called Meltdown and Spectre, the vulnerabilities offer hackers access to data from the memory of running apps, providing passwords, emails, documents, photos, and more.

"Almost every system" since 1995 is impacted according to ZDNet, including computers and smartphones. Meltdown can read the entire physical memory of the target machine, while Spectre is able to break the isolation between different apps. Meltdown, an easy-to-use exploit, affects only Intel chips and can be addressed by a security patch, which could result in some performance issues. Spectre impacts all processors, including those from ARM and AMD, and while it is harder to exploit, there is no known fix. Fully addressing Spectre will require a re-architecture of how processors are designed.

It's not known if hackers have exploited Meltdown and Spectre as of yet, but there are proof-of-concept examples out in the wild. Google's Project Zero team had a hand in unearthing the vulnerabilities and Google has also shared details on the exploits. Full research papers on Meltdown and Spectre are available here.

Update 2: ARM and AMD have both issued statements following Intel's press release. AMD says there is a "near zero risk" to AMD processors at this time, while ARM says its processors are vulnerable.

From AMD:

There is a lot of speculation today regarding a potential security issue related to modern microprocessors and speculative execution. As we typically do when a potential security issue is identified, AMD has been working across our ecosystem to evaluate and respond to the speculative execution attack identified by a security research team to ensure our users are protected.

To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.

From ARM:

I can confirm that ARM have been working together with Intel and AMD to address a side-channel analysis method which exploits speculative execution techniques used in certain high-end processors, including some of our Cortex-A processors. This method requires malware running locally and could result in data being accessed from privileged memory. Please note our Cortex-M processors, which are pervasive in low-power, connected IoT devices, are not impacted.

We are in the process of informing our silicon partners and encouraging them to implement the software mitigations developed if their chips are impacted.

Top Rated Comments

timeconsumer Avatar
44 months ago
I wonder how long Intel has known about this flaw.
Apparently the CEO sold a lot of his stock on Nov 29th and kept the bare minimum amount.

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx
Score: 26 Votes (Like | Disagree)
Apple_Robert Avatar
44 months ago
I wonder how long Intel has known about this flaw.
Score: 26 Votes (Like | Disagree)
velocityg4 Avatar
44 months ago
No... after this, I doubt Intel on security, and from what I gather, this stretches all the way back to the Pentium Pro.

Also, I don't care if it modifies, writes or deletes... the most improtant thing the bug allows reading
At least those running DOS 6 and Windows 3.1 on a 486 are safe.
Score: 24 Votes (Like | Disagree)
kevinthebright Avatar
44 months ago
Shading AMD is just another Intel cheap shot. That company has problems.
Score: 21 Votes (Like | Disagree)
jav6454 Avatar
44 months ago
No... after this, I doubt Intel on security, and from what I gather, this stretches all the way back to the Pentium Pro.

Also, I don't care if it modifies, writes or deletes... the most improtant thing the bug allows reading
Score: 18 Votes (Like | Disagree)
longofest Avatar
44 months ago
I wonder how long Intel has known about this flaw.
I actually kind of doubt they knew about it. While AMD is not affected, it does look like ARM chips are affected. This flaw has potentially been around since Pentium Pro. If Intel knew about it, they'd have quietly fixed it rather than letting it go. I think this is just a really, really good find by the researchers.
Score: 17 Votes (Like | Disagree)

Top Stories

tracking disabled ios 14 5

Analytics Suggest 96% of Users Leave App Tracking Disabled in iOS 14.5

Friday May 7, 2021 1:51 am PDT by
An early look at an ongoing analysis of Apple's App Tracking Transparency suggests that the vast majority of iPhone users are leaving app tracking disabled since the feature went live on April 26 with the release of iOS 14.5. According to the latest data from analytics firm Flurry, just 4% of iPhone users in the U.S. have actively chosen to opt into app tracking after updating their device...
macbook colors 3d black bezels

Prosser: Next MacBook Air Could Come in Colors Similar to iMac

Friday May 7, 2021 6:55 am PDT by
According to Apple leaker Jon Prosser, Apple's upcoming release of the MacBook Air will feature various colors, similar to the colors in the newly released 24-inch iMac. In the latest video of his YouTube channel Front Page Tech, Prosser says the same source who accurately provided him information on the first Apple silicon iMac coming in colors has told him that he recently saw a prototype...
snapchat dark mode

Snapchat Rolls Out Dark Mode on iOS

Wednesday May 5, 2021 1:17 am PDT by
Nearly two years following the release of iOS and iPadOS 13, which included native, built-in, and systemwide dark mode, Snapchat, one of the world's most prominent social media networks, has finally rolled out a dark mode theme for iOS users. Snapchat began testing a dark mode theme of its app design late last year with a small group of iOS users. Now, Snapchat says that as of this week, it...
tile amazon sidewalk integration

Tile to Leverage Amazon Echo and Ring Devices to Better Compete With AirTags

Friday May 7, 2021 2:07 pm PDT by
Amazon today announced that it is teaming up with Tile to add Amazon Sidewalk integration to Tile's Bluetooth trackers. Amazon Sidewalk, for those unfamiliar, is a network of Amazon Bluetooth devices that's designed to improve the connectivity of devices like the Ring and Amazon Echo. Tile will now be joining Amazon Sidewalk, and through this integration, Amazon Echo and Ring devices will be ...
tile sticker e1570533758981

Tile CEO: 'We Welcome Competition From Apple, But We Think It Needs to Be Fair'

Tuesday May 4, 2021 9:51 am PDT by
Just after Apple announced its AirTags, Tile CEO CJ Prober relayed his concerns about competing with Apple in the tracking space, and said that Tile would ask Congress to investigate Apple's business practices specific to Find My and item trackers. Prober this week did an interview with Bloomberg, where he further expanded on Tile's complaints about Apple and why he feels that Tile is...
airtag 1

AirTag Anti-Stalking Measures 'Just Aren't Sufficient' Says Washington Post Report

Wednesday May 5, 2021 6:03 pm PDT by
The safeguards that Apple built into AirTags to prevent them from being used to track someone "just aren't sufficient," The Washington Post's Geoffrey Fowler said today in a report investigating how AirTags can be used for covert stalking. Fowler planted an AirTag on himself and teamed up with a colleague to be pretend stalked, and he came to the conclusion that the AirTags are a "new means...
signal instagram ads3

Signal Shares the Instagram Ads Facebook Doesn't Want You to See

Wednesday May 5, 2021 1:29 am PDT by
Encrypted messaging app Signal has had a series of Instagram ads blocked from the social media platform, after it attempted to show users how much data the Facebook-owned company collects about them and how it's used to push targeted ads. In a blog post, Signal described how it generated the ads to show users why they were seeing them, simply by declaring upfront the information that the...
fortnite apple logo 2

Epic CEO Tim Sweeney Admits App Store's 30% Cut Is Similar to Consoles, Would Have Accepted Special Deal With Apple

Tuesday May 4, 2021 1:54 pm PDT by
Apple's legal battle with Epic Games is continuing on, and during the second day of the trial, Epic Games' CEO Tim Sweeney continued his testimony against Apple. Sweeney was grilled by Apple's lawyers, and made several points seemingly favorable to Apple. In addition to mentioning how he prefers Apple's iPhone and values Apple's privacy policies that he's aiming to dismantle, Sweeney...
iphone 12 preorder purple

Apple Begins Transition to Randomized Serial Numbers With Purple iPhone 12

Wednesday May 5, 2021 9:17 am PDT by
MacRumors previously reported about Apple's plan to switch to randomized serial numbers for future products starting in early 2021, and this transition has now started with the new purple iPhone 12 model in multiple countries. With assistance from Aaron Zollo, host of the YouTube channel ZolloTech, we can confirm that the purple iPhone 12 released last month has a new 10-character serial...
precision finding developer mode

AirTag Precision Finding Interface Includes Hidden 'Developer Mode'

Thursday May 6, 2021 1:32 am PDT by
A frustrated AirTag owner has inadvertently discovered the existence of a hidden "developer mode" in the on-screen interface that Find My displays when the Precision Finding feature is activated to help locate one of Apple's item trackers. Precision Finding is a feature that provides users with specific on-screen directions for finding a nearby AirTag. iPhones with a U1 chip, which includes ...