Design flaws in processor chips (CPUs) by AMD, ARM and Intel could allow hackers to trick apps into revealing sensitive data such as passwords. The CPU “kernel” – the core of the operating system – is leaking memory.
Researchers from Google’s Project Zero team, academia and cybersecurity firms found two flaws in June 2017, dubbed “Spectre” and “Meltdown,” in computer chips that affect nearly all modern computers.
Some fixes, in the form of software updates, have been introduced or will be available in the next few days, said Intel, which provides chips to about 80% of desktop computers and 90% of laptops worldwide.
CPUs use a process known as “speculative execution” to optimise performance, using different types of memory to store data and code temporarily.
In many cases, that information is supposed to be secure from attempts to hack it, but these two bugs allow malicious code to read the entire operating system without permission, stealing passwords and login files.
E&T covered this Intel chip security story earlier today.
Click on the graphic for an expanded view.