Intel was recently found to have a design flaw in its processors, exposing 20 years of devices to it. While initial reports only talked about Windows and macOS PCs getting affected, now several more are stating it to have affected Android smartphones as well. Google has already patched the bug on multiple platforms while Intel and Microsoft have given their official word on what can be called as 2018’s first major bug spread across multiple OSes and devices.
The chipmaker has confirmed the existence of the vulnerability, stating clearly that it can be used to gather sensitive data from computing devices. The ‘bug’ however, is said to not corrupt, modify or delete any data. Furthermore, Intel has already started providing software and firmware updates to its partners to make the impact less severe.
“Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits,” says the company’s newsroom website.
The company confirms it will be disclosing the specifics of the flaw next week. It has even confirmed previous reports that fixes could slow down the devices. “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” says the page.
AMD and ARM chips affected
It is worth adding that AMD-based devices are also affected, contrary to what the previous reports mentioned. Google researchers were able to replicate the issue successfully on AMD’s FX and PRO CPUs. ARM has also confirmed that device based on Cortex-A processors are also vulnerable.
Android and Chrome affected
Google’s Project Zero has given some details on the Intel ‘bug’, confirming it to run on both Android and ChromeOS platforms. However, the search giant says that it is not easy to exploit the bug and is limited to certain devices.
A fix will be coming to the upcoming version of Chrome, set to arrive on January 23, will mitigate the attack. For now, enabling the “site isolation” feature will offer some level of protection. Google has given a list of affected products and their current status for patches on one of its FAQ pages – support.google.com/faqs/answer/7622138
Microsoft has also confirmed the security flaw in Intel chips in a statement to The Verge. The Redmond-based tech firm says it is already working with manufacturers for a solution. Also confirmed was that the company has not yet received any information indicating these vulnerabilities attacking the customers.
“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers,” says Microsoft.
The company has not yet given details as to when it will be rolling out a fix.