Only a few days into the new year we saw one of the biggest incidents in cyber security become public. It was discovered that two huge flaws affecting a wide number of Intel computer chips could allow open access to hackers under the right circumstances. It was revealed shortly after that these bugs affect Intel’s competitors as well, meaning that these vulnerabilities are present in most modern computing machines, specifically most of the popular PCs, smartphones and servers in use today.
There are in reality three bugs, but two are grouped together to form the “Spectre” flaw, while the third has been labeled “Meltdown.” The former can be used to essentially exploit modern processors’ predictive functions, while the latter effectively opens up kernel memory locations such as passwords and login information. The nature of these vulnerabilities means that they affect many operating systems, including Windows, macOS, and Linux. The holes were discovered by Google’s Project Zero research team in June 2017, and is thought to have existed for at least the past decade.
These bugs create major vulnerabilities on the hardware side, which makes their late discovery that much more impactful. Software will have to be rewritten to better protect against the loopholes if it was originally based on an assumption of security provided by these chips. Intel’s own released fixes are being criticized for not doing enough and causing slowdowns for many computers. The situation is further complicated by fake patch downloads being launched by hackers that can infect machines with malware.
Despite the sudden reveal of these bugs, developers are quickly distributing their own updates to deal with the potential threats. Microsoft, Apple, Google and many others have already released patches and will continue to upgrade their software as need be. If you would like to learn more about these vulnerabilities and what we are doing to protect against them, feel free to contact us.