“Several researchers, including a member of Google’s Project Zero team, found that a design technique used in chips from Intel, Arm and others could allow hackers to access data from the memory on your device. The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications,” according to CNET.
According to BBC, there are two separate security flaws, known as Meltdown and Spectre. Meltdown affects laptops, desktop computers and internet servers with Intel chips. And Spectre potentially has a wider reach. It affects chips in smartphones, tablets and computers powered by Intel Corporation (NASDAQ:INTC), ARM and Advanced Micro Devices, Inc. (NASDAQ:AMD).
The discovery comes shortly after the chipmaker Intel Corporation (NASDAQ:INTC) said it was working on a patch. Intel Corporation (NASDAQ:INTC) shares slumps -1.39% in pre-market of Thursday.
In a statement released Wednesday, Intel Corporation (NASDAQ:INTC) acknowledged the problem, saying that it is “working closely with many other technology companies, including Advanced Micro Devices, Inc. (NASDAQ:AMD), ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits.”
Advanced Micro Devices, Inc. (NASDAQ:AMD) shares rises 2.77% in pre-session on Thursday.
Security researchers have found serious vulnerabilities in chips made by Intel and other companies that if exploited could leave passwords and other sensitive data exposed.
According to The Associated Press:
“Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn’t have a roadmap to exploit the flaws.
But in this case, Intel was forced to disclose the problem Wednesday after British technology site The Register reported it, causing Intel’s stock to fall.”
Microsoft, Apple and Linux, the three major operating system makers, are all issuing updates, though Apple and Microsoft have not said precisely when.
Google said Android phones with the most recent security updates are protected, and users of web services like Gmail are also safe. Chromebook users on older versions will need to install an update when it comes. Chrome web browser users are expected to receive a patch on 23 January.
According to Wired the bug “… allows low-privilege processes to access memory in the computer’s kernel, the machine’s most privileged inner sanctum. Theoretical attacks that exploit that bug, based on quirks in shortcuts Intel has implemented for faster processing, could allow malicious software to spy deeply into other processes and data on the target computer or smartphone.”
Researchers discovered gaps in security stemming from Central Processing Units – better known as the chip or microchip – which could allow privately stored data in computers and networks to be hacked.
The Register reports that “Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.”