Security researchers have found serious vulnerabilities in chips made by Intel and other companies that if exploited could leave passwords and other sensitive data exposed.
"Several researchers, including a member of Google's Project Zero team, found that a design technique used in chips from Intel, Arm and others could allow hackers to access data from the memory on your device. The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications," according to CNET.
The discovery comes shortly after the chipmaker said it was working on a patch.
In a statement released Wednesday, Intel acknowledged the problem, saying that it is "working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits."
Wired explains that the bug "... allows low-privilege processes to access memory in the computer's kernel, the machine's most privileged inner sanctum. Theoretical attacks that exploit that bug, based on quirks in shortcuts Intel has implemented for faster processing, could allow malicious software to spy deeply into other processes and data on the target computer or smartphone."
According to The Associated Press:
"Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn't have a roadmap to exploit the flaws.
But in this case, Intel was forced to disclose the problem Wednesday after British technology site The Register reported it, causing Intel's stock to fall."
The Register reports that "Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December."
The tech site added that, "Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products."
However, that is a claim that Intel disputes: "... any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," the company says.
SourceSo if you have a PC with an Intel CPU that was produced somewhen in the past 20 years there is a risk that it can get infected by malware using this flaw.
Intel meanwhile responded and said that the CPUs are working as intended (denying any responsibility) but at the same time adviced all users to apply the upcoming patches for Windows and Linux.
These Patches however come at the risk of slowing down your computer by up to 30%. That highly depends on the CPU generation, the workload and other factors such as the use of NVMe SSD drives. So far the performance loss on the newest Intel chips has been reported to be minimal for the average user. However the biggest performance loss so far has been recognized by systems using NVMe PCI SSD drives. These ultra fast drives get slowed down because the CPUs can no longer process the data fast enough.
Games should not suffer noticable performance problems after these security patches.
