Jump to content
Spartans Home



Recommended Posts

I saw this come up and while I am glad they have found these two cpu related problems.... I wonder how many more are out there undetected.


The title of this article says it all


Jan 4 2018, 5:18 am ET
Hacking fears: Security flaws put virtually all phones, computers at risk

by Reuters

Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings.

One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC Wednesday afternoon.

Man holding a micro computer chip from desktop computer. KaiDunn / iStockphoto/Getty Images file

Researchers with Alphabet Inc's Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

The researchers said Apple Inc and Microsoft Corp had patches ready for users for desktop computers affected by Meltdown. Microsoft declined to comment and Apple did not immediately return requests for comment.

Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it "probably one of the worst CPU bugs ever found" in an interview with Reuters.

Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said.

Speaking on CNBC, Intel's Krzanich said Google researchers told Intel of the flaws "a while ago" and that Intel had been testing fixes that device makers who use its chips will push out next week. Before the problems became public, Google on its blog said Intel and others planned to disclose the issues on Jan. 9. Google said it informed the affected companies about the "Spectre" flaw on June 1, 2017 and reported the "Meltdown" flaw after the first flaw but before July 28, 2017.

The flaws were first reported by tech publication The Register. It also reported that the updates to fix the problems could causes Intel chips to operate 5 percent to 30 percent more slowly. (http://bit.ly/2CsRxkj)

Intel denied that the patches would bog down computers based on Intel chips.

"Intel has begun providing software and firmware updates to mitigate these exploits," Intel said in a statement. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."

ARM spokesman Phil Hughes said that patches had already been shared with the companies' partners, which include many smartphone manufacturers.

"This method only works if a certain type of malicious code is already running on a device and could at worst result in small pieces of data being accessed from privileged memory," Hughes said in an email.

AMD chips are also affected by at least one variant of a set of security flaws but that it can be patched with a software update. The company said it believes there "is near zero risk to AMD products at this time."

Google said in a blog post that Android phones running the latest security updates are protected, as are its own Nexus and Pixel phones with the latest security updates. Gmail users do not need to take any additional action to protect themselves, but users of its Chromebooks, Chrome web browser and many of its Google Cloud services will need to install updates.

Amazon Web Services, a cloud computing service used by businesses, said that most of its internet servers were already patched and the rest were in the process of being patched.


It is only a matter of time before something undetected becomes something catastrophic in my opinion.

Link to comment
Share on other sites

Yeah it sucks. There are most likely going to be more critical vulnerabilities exposed as time goes on.


The 5-30% performance hit hurts, though that number depends entirely on what the CPU is actually doing. Gaming benchmarks have shown to have negligible differences, but anything accessing I/O could be slower including NVMe SSDs.


What's funny is that even though AMD isn't affected by the worst of the vulnerabilities, the patches Microsoft is rolling out for it is rumored to apply to AMD CPUs as well, so they may also have the performance hit--even though they don't have the vulnerability. And if not, they may start to gain some market share as that could even the playing field a bit in regards to benchmarks. AMD has core counts on their side but worse single core performance, which is where Intel shines...but maybe not for much longer.

Link to comment
Share on other sites

Well it is reasonable to assume that as we change how we do things due to historical threats, those new methods produce new vulnerabilities... some, like these are apparently very hard to anticipate due to how things tend to morph as improvements to new methodology occurs. The new vulnerability may not exist initially, but appear as things get optimized.



What's funny is that even though AMD isn't affected by the worst of the vulnerabilities, the patches Microsoft is rolling out for it is rumored to apply to AMD CPUs

I think this is saying some of the vulnerability is within a basic interface function between the CPU and memory... meaning it is at such a base level it does not matter how the cpu operates with memory it is the interface itself that is vulnerable.

That is the only way I can see it can affect Intel, AMD and ARM all at the same time.

Edited by Zathrus~SPARTA~
Link to comment
Share on other sites


  • Create New...