Chip Design Flaw Not Limited to Intel, Researchers Say

From PC Mag: The Intel flaw involves two vulnerabilities that can be used to steal your passwords, emails, and any other sensitive data you have on your computer, according to the security researchers who uncovered the bugs.

Intel also isn't the only vendor affected. One vulnerabilty, named Spectre, was found in AMD and ARM-based chips, too. The other vulnerability, dubbed Meltdown, was found mostly in Intel processors as far back as 1995; it's unclear whether AMD or ARM-based chips have the same problem.

Both bugs can essentially help malware grab data stored in sensitive programs, including a password manager or browser. "While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs," the researchers wrote.

Desktops, laptops, cloud servers, and smartphones are affected by one or both vulnerabilities, the researchers warn. Attacks that exploit the two vulnerabilities are also difficult to detect and don't leave any traces.

The risk is especially severe for cloud computing providers, which lease their servers to different clients. Both Meltdown and Spectre can essentially erode the boundaries in a machine that seperate one client's data from another.

In a statement, Intel said the upcoming fix shouldn't drag down performance for the average computer user.

View: Article @ Source Site