Major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data - including passwords and other sensitive information - on desktops, laptops, mobile phones and cloud networks around the globe, according to security researchers who published their findings this week.
The more pervasive flaw, dubbed Spectre, leaves the world's supply of microprocessors potentially vulnerable to attack, the researchers said. They have verified that the exploit, which breaks down the isolation between different applications, can affect products made by Intel, AMD and Arm.
"As it is not easy to fix, it will haunt us for quite some time," the researchers said, explaining why they chose to call the flaw Spectre.
While hackers will find it harder to use the Spectre exploit, it is also more challenging for computer manufacturers to ward off, the researchers said.
The other flaw, dubbed Meltdown, affects most Intel processors made after 1995. And while security patches exist for devices running Linux, Windows, and OS X, the researchers said, the corrective measure may slow down their performance by as much as 30 percent, according to some estimates.
Intel said in a blog post Thursday that it has begun providing updates to mitigate the risks posed by the exploits. The company also downplayed concerns about slowed performance, noting that for the "average computer user" the impact should not be significant and will lessen over time.
"Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available," the company said.
Meanwhile, Intel rival AMD -- which is formally headquartered in California but has most of its operations in Austin -- issued the following statement: “Based on the findings to-date and the differences in AMD processor architecture, we believe there is near zero risk to AMD products at this time.”
On Thursday, Intel's stock dropped more than 2 percent during intraday trading. AMD’s shares climbed more than 1.3 percent following the publication of the security flaws.
Here’s what some other technology companies had to say about the issue:
Microsoft said in a statement Thursday that it is not aware of any of these vulnerabilities being used against its customers.
"We are in the process of deploying mitigations to cloud services and released security updates on January 3 to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, Arm, and AMD," the company said.
Google said in a blog post that its popular web browser Chrome, its cloud services and other applications have or will soon be updated to protect against the newly disclosed vulnerabilities.
Amazon said in a blog post that "all but a small single-digit percentage of instances" of its EC2 systems, a service under its cloud computing platform, had already been protected, and urged customers to patch their operating systems using available updates.
In a statement Thursday, Arm said that the majority of its processors are not affected by Spectre or Meltdown but confirmed that it has been working with Intel, AMD and other partners to develop defenses against the vulnerabilities.
This story includes material from the Washington Post.
News on Open Source is free and unlimited. Access to the rest of 512tech.com comes with an American-Statesman digital subscription, which also includes myStatesman.com and the ePaper edition. Subscribe at statesman.com/subscribe.