Beware of security flaws in Intel, AMD, ARM chipsets
The recently discovered security flaw in Intel processors has put almost millions of computers at risk giving hackers the leverage to steal sensitive information. It is being reported that this security flaw went unnoticed for a decade. Software giants are now working on fixing the flaw, but this could potentially slow down devices by upto 30 per cent.
Rajpreet Kaur, Senior Research Analyst, Gartner, explains, “The bug related to data leakage from privileged memory will require Intel to fix it by making changes to their chips. This bug has two main impacts: the first being ‘security impact’, as this flaw can be used by malware to exploit sensitive data from the memory; and the second ‘performance impact’ – although it is not very clear now, but in case this has a serious impact on performance, it will impact applications delivery.”
Intel has issued a list of Intelbased platforms impacted by this issue. This includes Intel Corei3 , Corei5, Corei7 processors (45nm and 32nm), Intel Core M processor family (45nm and 32nm), 2nd Generation, 3rd Generation, 4th Generation, 5th Generation, 6th Generation, 7th Generation and 8th Generation Intel Core processors, and others.
According to a post on Intel’s website, the company claims to have “started providing software and firmware updates to mitigate these
exploits. End users and systems administrators should check with their operating system vendors and system manufacturers, and apply any updates as soon as they are available”.
The company further clarified: “On January 3, 2018, a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems. Intel is committed to product and customer security and to responsible disclosure. We worked closely with many other technology companies, including Advanced Micro Devices (AMD), ARM Holdings and several operating system vendors, to develop an industry-wide approach to mitigate this issue promptly and constructively.”
Kaur further recommends that users using public clouds must ask for an update from their platform providers on fixing the flaw. Make sure you are aware of any maintenance downtime which might be required. End users are required to apply patches to fix this bug through their OS. Closely monitor and test the performance impact before applying any changes to the applications infrastructure. Make sure to allocate sufficient memory to reduce the performance impact.