Intel CEO Pledges Commitment to Security Following Meltdown and Spectre Vulnerabilities

intelIntel CEO Brian Krzanich today wrote an open letter to Intel customers following the "Meltdown" and "Spectre" hardware-based vulnerabilities that impact its processors.

In the letter, Krzanich says that by January 15, updates will have been issued for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder coming at the end of January.

For Apple customers, macOS and iOS devices have been patched with protection against Spectre and Meltdown. Meltdown was addressed in macOS High Sierra 10.13.2 and iOS 11.2, while Spectre mitigations were introduced in a macOS 10.13.2 supplemental update and iOS 11.2.2, both of which were released this week. The vulnerabilities have also been addressed in older versions of macOS and OS X.

According to Krzanich, going forward, Intel promises to offer timely and transparent communications, with details on patch progress and performance data. Because Spectre and Meltdown are hardware-based vulnerabilities, they must be addressed through software workarounds. In some cases, these software patches cause machines to perform more slowly.

Apple users do not need to worry about performance impacts. According to Apple, Meltdown had no measurable reduction in performance on devices running macOS and iOS across several benchmarks. Spectre, fixed through a Safari mitigation, had no measurable impact on most tests, but did impact performance by less than 2.5% on the JetStream benchmark. Apple says it plans to continue to refine its mitigations going further.

In addition to remaining transparent about the performance impact of the software fixes, Krzanich says Intel will commit to disclosing security vulnerabilities and sharing hardware innovations that will, in the future, prevent such attacks.

Our customers' security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.

For those who missed the news last week, Spectre and Meltdown are serious hardware-based vulnerabilities that take advantage of the speculative execution mechanism of a CPU, potentially allowing hackers to gain access to sensitive information.

Spectre and Meltdown impact all modern processors, including those used in Mac and iOS devices, and these two vulnerabilities will continue to be an issue for the foreseeable future as addressing them entirely requires new hardware design. Apple has prevented Spectre and Meltdown from affecting customers through software updates, but all hardware and software manufacturers will need to be wary of additional speculative execution attacks going forward.

Apple customers should make sure to keep their Macs and iOS devices up to date with the latest software to remain protected from malicious attacks that might take advantage of the exploits.

Top Rated Comments

eicca Avatar
45 months ago
The stark truth is nothing in the digital realm will ever be truly safe. Ever.
Score: 11 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
45 months ago
Won't hurt them in the long run. Their stock has been great and will continue to be.

It's not as if companies really have another option. Yes AMD exists but companies aren't going to switch everything over (and AMD was vulnerable too).

Few months from now people won't even be talking about this.
Score: 8 Votes (Like | Disagree)
dampfnudel Avatar
45 months ago
Okay, what about future processors like Ice Lake which I believe is scheduled for release next year? Should people not purchase any new Macs or Windows PCs until it’s confirmed that they’re free of this vulnerability? Will there be any compensation for customers who purchased a Mac or Windows PC with the hardware vulnerability and are now experiencing more than just a small performance degradation in their daily workflow. Just telling us about software “workarounds” that won’t impact performance “too much” isn’t good enough.
Score: 5 Votes (Like | Disagree)
nt5672 Avatar
45 months ago
Great PR speech. Trust us, we'll do better next time.

How about telling us how this slipped through for so long and what changes are being made to make sure there we have minimal risk of other security holes like this. Do this, and we might believe you.
Score: 4 Votes (Like | Disagree)
joema2 Avatar
45 months ago
As far as I understand it, AMD CPUs are only affected by Spectre V1, but Intel CPUs affected by Spectre V1, Spectre V2 and Meltdown....No Ryzen CPUs are affected by this...
That is not correct. AMD CPUs (including Ryzen) are affected by both Specter V1 and V2:

https://www.reuters.com/article/us-cyber-microchips-amd/amd-chips-exposed-to-both-variants-of-spectre-security-flaw-idUSKBN1F0314

Spectre and/or Meltdown also affects Oracle (formerly Sun) SPARC: https://sp.ts.fujitsu.com/dmsp/Publications/public/Intel-Side-Channel-Analysis-Method-Security-Review-CVE2017-5715-vulnerability-Fujitsu-products.pdf

Spectre also affects IBM System Z mainframes, POWER8 and POWER9: https://access.redhat.com/security/vulnerabilities/speculativeexecution

Meltdown and Spectre affect certain ARM CPUs, including those used in the Nintendo Switch console: http://www.nintendolife.com/news/2018/01/cpu_exploits_meltdown_and_spectre_could_potentially_affect_nintendo_switch

Since the main criteria for Spectre vulnerability are (a) speculative execution and (b) branch prediction, it probably affects older RISC CPUs like the DEC Alpha 21264 and MIPS R10000: https://en.wikipedia.org/wiki/Alpha_21264

All of the above use out-of-order execution, speculative execution and branch prediction. Some CPUs use in-order speculative execution and branch prediction, such as the ARM A8, but are still vulnerable. A long list of ARM CPUs are affected, including A75, A73, A72, A57, A17, A15, A9, A8, R8, and R7: https://developer.arm.com/support/security-update

So CPUs with speculative in-order execution can be affected, not just the more common out-of-order type. While Intel's Itanium is mentioned as immune to Spectre, I'm not certain of that. Despite the VLIW in-order design, it heavily uses speculation and hardware branch prediction: https://en.wikipedia.org/wiki/Itanium

Itanium is a factor from a planning standpoint because the architecture is totally different from most other CPUs, yet it may still be affected. If so, this indicates how broad Spectre is and how fundamentally the problem must be approached from the standpoint of CPU redesign.
Score: 4 Votes (Like | Disagree)
SecuritySteve Avatar
45 months ago
Total PR stunt. The severity of these vulnerabilities does not warrant this kind of apology.
Score: 3 Votes (Like | Disagree)

Top Stories

iphone12protriplelenscamera

Apple's Orders for Key iPhone 13 Camera Component Expected to Outstrip Entire Android Market

Wednesday June 9, 2021 12:47 am PDT by
Major camera upgrades coming to the iPhone 13 series are putting increased pressure on suppliers to meet Apple's demand for key lens components, according to a new DigiTimes report. Apple has reportedly put Taiwan-based makers of voice coil motor (VCM) components on notice to increase their capacity by 30-40% in order to meet the company's demand, which is expected to outstrip the entire...
macos monterey setup assistant

macOS Monterey Allows You to Erase a Mac Without Needing to Reinstall the Operating System

Wednesday June 9, 2021 4:41 pm PDT by
It's been a few days since Apple announced macOS Monterey, and we continue to dig through new features that weren't mentioned during the WWDC keynote, including a much more convenient way of erasing a Mac. Following in the footsteps of the iPhone and iPad, the Mac has gained an "Erase All Content and Settings" option on macOS Monterey. The option allows you to erase all user data and...
EEC Apple iphone 13

Apple Registers iPhone 13 Models in Eurasia Ahead of September Launch

Friday June 11, 2021 2:16 am PDT by
Nashville Chatter Class has discovered a new Russian-language regulatory filing in the Eurasian Economic Commission (EEC) database pointing towards several unreleased iPhone 13 models that Apple will be launching in the fall. Versions of iPhone running iOS 14 are listed with the model numbers A2628, A2630, A2634, A2635, A2640, A2643, and A2645. None of the numbers correspond to Apple's...
Dark Sky App Featured

Dark Sky iOS App, Website, and API Now Scheduled to Remain Available Until End of 2022

Thursday June 10, 2021 7:34 am PDT by
Last year, Apple acquired the weather app Dark Sky, and shortly after its purchase, Apple shut down the app for Android. Despite the revamped iOS 15 Weather app taking heavy inspiration from Dark Sky, the weather's app standalone iOS app, web app, and API will remain available until the end of next year, compared to the end of this year, as previously planned. Dark Sky announced in an update ...
mr white ipod touch 5 protoype3

Unreleased iPod Touch 5 With Chamfered Edges and 30-Pin Dock Connector Shared Online

Thursday June 10, 2021 2:05 am PDT by
Occasional leaker Mr White has today shared interesting images on Twitter of what appears to be an old-school fifth-generation iPod touch prototype with chamfered edges and a brushed aluminum finish. The original iPod touch 5 that Apple released in October 2012 had a unibody anodized aluminum chassis with rounded edges, and was available in several colors, including slate. Another...
live text macos monterey

Several macOS Monterey Features Unavailable on Intel-Based Macs

Wednesday June 9, 2021 8:23 am PDT by
While there are many great new features in macOS Monterey, several of them are not available on Intel-based Macs, according to Apple. On the macOS Monterey features page, fine print indicates that the following features require a Mac with the M1 chip, including any MacBook Air, 13-inch MacBook Pro, Mac mini, and iMac model released since November 2020:Portrait Mode blurred backgrounds in...
ipad mini 6

Next iPad Mini Will Allegedly Feature Thinner Bezels, USB-C Port, and Touch ID Power Button

Friday June 11, 2021 1:13 pm PDT by
On his newly launched Front Page Tech website, leaker Jon Prosser has shared renders showing off the alleged design of the next-generation iPad mini, which he says are based on schematics, CAD files, and real images of the device. In line with details shared earlier this month by Bloomberg's Mark Gurman and Debby Wu, Prosser claims that the new iPad mini will feature slimmer bezels around...
apple logo plain

Trump Administration Subpoenaed Apple for Data on Two House Intelligence Committee Democrats

Thursday June 10, 2021 6:21 pm PDT by
When investigating leaks of classified information during the early days of the Trump Administration, the United States Justice Department subpoenaed Apple for metadata from the accounts of at least two Democrats on the House Intelligence Committee, reports The New York Times. Apple was also required to provide data from their aides and family members, with the DoJ requesting the records of...
macos monterey tidbits feature copy

macOS Monterey Tidbits: Animated Memoji on Login Screen, Change the Color of the Mouse Pointer, and More

Friday June 11, 2021 10:27 am PDT by
We've highlighted several new features coming in macOS Monterey, such as Low Power Mode and the option to erase a Mac without reinstalling the operating system, but there are some smaller tidbits that we wanted to share. Animated Memoji on Login Screen One small but fun new feature in macOS Monterey is the addition of a personalized Memoji on the login screen, complete with animated facial...
ios15 mail privacy feature

Apple Putting a Stop to Email Tracking Pixels With Mail Privacy Protection in iOS 15 and macOS Monterey

Thursday June 10, 2021 11:03 am PDT by
Tracking when you've opened up an email and what you've read is something that many companies and advertisers rely on for their marketing efforts, plus there are email clients out there designed to let users know when the emails they've sent have been opened up. Much of this tracking is facilitated by remote images that load when viewing an email, and some of it is even sneakier, with...