Fixes on the way for computer processor security bug
Technology companies including Intel are attempting to fix a fundamental security flaw with the potential to affect personal computers and smartphones across the globe.
Researchers at Google's Project Zero, partnering with academic institutions, discovered the problem last year and disclosed it on January 3. The flaw can be found in nearly every computer built since 1995, according to reports from New York Magazine and other sources.
The vulnerability actually represents two separate exploits. One of the two flaws, called Meltdown, affects Intel processors. The other, named Spectre, impacts chips from Intel, AMD and Arm. If left unattended, the leak could expose stored passwords, photos, emails, instant messages and other sensitive data.
Both exploits are aimed at an operating system's "kernel," a vital software component that connects applications to a computer's processor, memory and additional hardware. The flaw would allow hackers to get at information stored in the memory of other running programs.
Microsoft has released software updates to protect against the newly discovered bug, but there is no evidence of malicious users taking advantage of the flaw as of yet.
"We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers," the company said in a statement. "We have not received any information to indicate that these vulnerabilities had been used to attack our customers."
There are also Meltdown patches available for Apple's macOS and Linux. Mozilla is implementing a short-term fix that the company said will disable some capabilities of its Firefox browser.
"If you download the latest update from Microsoft, Apple, or Linux, then the problem is fixed for you and you don't have to worry," security researcher Rob Graham said in a January 4 blog post. "If you aren't up to date, then there's a lot of other nasties out there you should probably also be worrying about."
Intel supplies processors used in many of the world's PCs, which accounts for the widespread nature of the issue. Immediate fixes are expected for Meltdown, while Spectre is deemed a less urgent threat, as it's more difficult to exploit.
The U.S Computer Emergency Readiness Team posted a table containing links to advisories and patches provided by vendors in response to the vulnerabilities. The table will be updated as more information becomes available.
OPENonline is a trusted source for comprehensive background screenings. For more information, visit our website.