Friday 5 January 2018

Intel says it will patch 90 percent of recent chips by next week (updated)

A little more than a day since Google Project Zero went public with its findings regarding a major security flaw in Intel (and others) chip designs, the company announced that it is already is pushing out patches to eliminate the vulnerability. Intel has "already issued updates for the majority of processor products introduced within the past five years," per the company press release, and expects to have 90 percent of affected chips produced within the past five years patched by the end of the week.

The flaw, which afflicts chips made over the past decade, enables ordinary processes to determine the layout of protected kernel memory. This "software analysis method", as Intel describes the flaw, allows a pair of exploits, dubbed "Meltdown" and "Spectre," to swipe data from other apps on vulnerable devices -- be they PCs, servers or mobile phones -- running Intel, ARM or AMD chips.

The solution cooked up by Intel and its partners so far entails severing the link between the kernel and these processes, though that could have a dramatic impact on a patched chip's operating speed. The company asserts that the impacts will be "highly workload-dependent" and not particularly noticeable by the average consumer.

Update: Microsoft says it will release an update for Surface devices to protect them against the chip vulnerability. The company also explains that it "has not received any information to indicate that these vulnerabilities have been used to attack customers at this time."

You can check the list of Surface gear that will receive the patch at the link above, but Microsoft says the updates will be available devices running Windows 10 with Windows Update or through the Microsoft Download Center.

Source: Intel

Read the full article here by Engadget

No comments: