Intel CEO Pledges Commitment to Security Following Meltdown and Spectre Vulnerabilities

intelIntel CEO Brian Krzanich today wrote an open letter to Intel customers following the "Meltdown" and "Spectre" hardware-based vulnerabilities that impact its processors.

In the letter, Krzanich says that by January 15, updates will have been issued for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder coming at the end of January.

For Apple customers, macOS and iOS devices have been patched with protection against Spectre and Meltdown. Meltdown was addressed in macOS High Sierra 10.13.2 and iOS 11.2, while Spectre mitigations were introduced in a macOS 10.13.2 supplemental update and iOS 11.2.2, both of which were released this week. The vulnerabilities have also been addressed in older versions of macOS and OS X.

According to Krzanich, going forward, Intel promises to offer timely and transparent communications, with details on patch progress and performance data. Because Spectre and Meltdown are hardware-based vulnerabilities, they must be addressed through software workarounds. In some cases, these software patches cause machines to perform more slowly.

Apple users do not need to worry about performance impacts. According to Apple, Meltdown had no measurable reduction in performance on devices running macOS and iOS across several benchmarks. Spectre, fixed through a Safari mitigation, had no measurable impact on most tests, but did impact performance by less than 2.5% on the JetStream benchmark. Apple says it plans to continue to refine its mitigations going further.

In addition to remaining transparent about the performance impact of the software fixes, Krzanich says Intel will commit to disclosing security vulnerabilities and sharing hardware innovations that will, in the future, prevent such attacks.

Our customers' security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.

For those who missed the news last week, Spectre and Meltdown are serious hardware-based vulnerabilities that take advantage of the speculative execution mechanism of a CPU, potentially allowing hackers to gain access to sensitive information.

Spectre and Meltdown impact all modern processors, including those used in Mac and iOS devices, and these two vulnerabilities will continue to be an issue for the foreseeable future as addressing them entirely requires new hardware design. Apple has prevented Spectre and Meltdown from affecting customers through software updates, but all hardware and software manufacturers will need to be wary of additional speculative execution attacks going forward.

Apple customers should make sure to keep their Macs and iOS devices up to date with the latest software to remain protected from malicious attacks that might take advantage of the exploits.

Top Rated Comments

eicca Avatar
53 months ago
The stark truth is nothing in the digital realm will ever be truly safe. Ever.
Score: 11 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
53 months ago
Won't hurt them in the long run. Their stock has been great and will continue to be.

It's not as if companies really have another option. Yes AMD exists but companies aren't going to switch everything over (and AMD was vulnerable too).

Few months from now people won't even be talking about this.
Score: 8 Votes (Like | Disagree)
dampfnudel Avatar
53 months ago
Okay, what about future processors like Ice Lake which I believe is scheduled for release next year? Should people not purchase any new Macs or Windows PCs until it’s confirmed that they’re free of this vulnerability? Will there be any compensation for customers who purchased a Mac or Windows PC with the hardware vulnerability and are now experiencing more than just a small performance degradation in their daily workflow. Just telling us about software “workarounds” that won’t impact performance “too much” isn’t good enough.
Score: 5 Votes (Like | Disagree)
nt5672 Avatar
53 months ago
Great PR speech. Trust us, we'll do better next time.

How about telling us how this slipped through for so long and what changes are being made to make sure there we have minimal risk of other security holes like this. Do this, and we might believe you.
Score: 4 Votes (Like | Disagree)
joema2 Avatar
53 months ago
As far as I understand it, AMD CPUs are only affected by Spectre V1, but Intel CPUs affected by Spectre V1, Spectre V2 and Meltdown....No Ryzen CPUs are affected by this...
That is not correct. AMD CPUs (including Ryzen) are affected by both Specter V1 and V2:

https://www.reuters.com/article/us-cyber-microchips-amd/amd-chips-exposed-to-both-variants-of-spectre-security-flaw-idUSKBN1F0314

Spectre and/or Meltdown also affects Oracle (formerly Sun) SPARC: https://sp.ts.fujitsu.com/dmsp/Publications/public/Intel-Side-Channel-Analysis-Method-Security-Review-CVE2017-5715-vulnerability-Fujitsu-products.pdf

Spectre also affects IBM System Z mainframes, POWER8 and POWER9: https://access.redhat.com/security/vulnerabilities/speculativeexecution

Meltdown and Spectre affect certain ARM CPUs, including those used in the Nintendo Switch console: http://www.nintendolife.com/news/2018/01/cpu_exploits_meltdown_and_spectre_could_potentially_affect_nintendo_switch

Since the main criteria for Spectre vulnerability are (a) speculative execution and (b) branch prediction, it probably affects older RISC CPUs like the DEC Alpha 21264 and MIPS R10000: https://en.wikipedia.org/wiki/Alpha_21264

All of the above use out-of-order execution, speculative execution and branch prediction. Some CPUs use in-order speculative execution and branch prediction, such as the ARM A8, but are still vulnerable. A long list of ARM CPUs are affected, including A75, A73, A72, A57, A17, A15, A9, A8, R8, and R7: https://developer.arm.com/support/security-update

So CPUs with speculative in-order execution can be affected, not just the more common out-of-order type. While Intel's Itanium is mentioned as immune to Spectre, I'm not certain of that. Despite the VLIW in-order design, it heavily uses speculation and hardware branch prediction: https://en.wikipedia.org/wiki/Itanium

Itanium is a factor from a planning standpoint because the architecture is totally different from most other CPUs, yet it may still be affected. If so, this indicates how broad Spectre is and how fundamentally the problem must be approached from the standpoint of CPU redesign.
Score: 4 Votes (Like | Disagree)
SecuritySteve Avatar
53 months ago
Total PR stunt. The severity of these vulnerabilities does not warrant this kind of apology.
Score: 3 Votes (Like | Disagree)

Popular Stories

iPhone 14 Mock pill and hole thumb

ProMotion Now Expected to Remain Exclusive to iPhone 14 Pro Models, Not Expand to Entire Lineup

Sunday January 16, 2022 8:56 am PST by
Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple's ProMotion display technology, according to a respected display analyst. Ross Young, who on multiple occasions has detailed accurate information about Apple's future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain...
AirPods Pro Gen 3 Mock Feature Red

AirPods Pro 2 Could Start a New Accessory Ecosystem

Friday January 14, 2022 2:34 am PST by
Apple's second-generation AirPods Pro could arrive alongside a new series of accessories, recent leaked images suggest. Alleged leaked photos of the next-generation AirPods Pro obtained by MacRumors showed a charging case with a metal loop on the side for attaching a strap. Apple has not used this design for any of its other AirPod models and it is unclear why it would be added in this...
Unlikely Products 2022 Feature

Six Rumored Apple Products You're Unlikely to See This Year

Saturday January 15, 2022 2:06 pm PST by
Much has been said about what consumers could see from Apple in 2022, but the company is also working on a handful of rumored products that aren't expected to be unveiled for at least another 12 months, and in some cases a lot longer. Of course, that's assuming they get released at all. Apple works on many potential products some of which ultimately never see the light of day. With that in...
safari icon blue banner

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time

Sunday January 16, 2022 3:37 pm PST by
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS. In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
ipad air 4 video

New iPad Air Rumored to Launch This Spring With A15 Chip, 5G, Center Stage Camera, and More

Saturday January 15, 2022 8:05 pm PST by
Apple is planning to release a fifth-generation iPad Air with similar features as the sixth-generation iPad mini, including an A15 Bionic chip, 12-megapixel Ultra Wide front camera with Center Stage support, 5G for cellular models, and Quad-LED True Tone flash, according to Japanese blog Mac Otakara. Citing reliables sources in China, the report claims that the new iPad Air could be...
netflix2

Netflix Again Raises Prices for All Plans, 4K Streaming Now $20 Per Month

Friday January 14, 2022 12:46 pm PST by
Netflix today updated the prices for its streaming plans, and all of its offerings are now more expensive. The Basic plan is now priced at $9.99 per month, the Standard plan is priced at $15.49 per month, and the Premium plan is priced at $19.99 per month. The Basic plan is $1 more expensive, up from $8.99 per month. This plan allows users to watch on just one screen at a time, and it limits ...
top stories 20220115

Top Stories: iPhone 14 Pro Rumors, iCloud Private Relay Controversy, iOS 15.2.1 Released, and More

Saturday January 15, 2022 6:00 am PST by
Hole-punch? Pill? Hole-punch and pill? Rumors about what the front camera system on the iPhone 14 Pro will look like are evolving rapidly, and it now appears we might be getting a novel but potentially controversial design later this year. Other major stories this week included some confusion and controversy about iCloud Private Relay being disabled for some T-Mobile customers, increasing...
iPhone 14 Mock pill and hole 16x9 120hz

Analyst: All iPhone 14 Models to Feature 120Hz Displays, 6GB of RAM, and More

Friday January 14, 2022 7:02 am PST by
Apple is rumored to announce four new iPhone 14 models in September, and ahead of time, analyst Jeff Pu has outlined his expectations for the devices. In a research note with Haitong International Securities, obtained by MacRumors, Pu claimed that all iPhone 14 models will feature ProMotion displays, compared to only Pro models currently. ProMotion enables a variable refresh rate up to 120Hz ...