New Intel patches promise immunity to Meltdown and Spectre attacks

Performance impact of the recent security updates should not be significant and will be mitigated

Performance impact of the recent security updates should not be significant and will be mitigated

In the days following the disclosure of the vulnerabilities, Intel has contended that it's incorrect to pin them on a "bug" or design "flaw", and that it's processors are working as intended.

Late Wednesday, Intel confirmed news reports of a security issue related to its central processing units and said it is working with other chipmakers and operating system companies to develop an industry-wide approach to resolve the issue.

Chips potentially affected date back more than five years, with some products listed on Intel's website about the vulnerabilities having been introduced as far back as 2008. Researchers say one of the bugs, called Meltdown, affects nearly every processor Intel has made since the mid-1990s.

The findings were that processor microarchitectures from Intel, AMD and ARM were all vulnerable to a lesser or greater extent. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

Join our mailing list to receive the latest news and updates from The Jolt Journal.

Meltdown is a particular problem for companies such as Amazon and Google with cloud hosting services. "However, Intel is making this statement today because of the current inaccurate media reports". "It was made pursuant to a pre-arranged stock sale plan (10b5-1) with an automated sale schedule".

The exploit can be achieved using malware, which is a common way attackers can gain access to computers and sensitive information stored within.

Intel also said it doesn't expect a major performance hit to its processors when it launches the fix, which was a concern of Google's.

"In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services", Intel writes in the press release. The patches, however, will have some performance effects, noting that they will be at frustrating levels pegged at zero to 30 percent level.

Intel has already issued updates for all types of Intel-based computer systems, including personal computers and servers, to address the flaws.

While Intel has been plagued with the Meltdown bug, the Spectre flaw is more widespread and could prove to be incredible difficult to fix.

A site, Meltdownattack.com, hosted by the Graz University of Technology - researchers from which also reported both Meltdown and Spectre - has further details.