Details for a security vulnerability thought to affect almost every Intel processor made in the last decade have recently been released, and the outlook is not good. While there are updates on the way to fix the flaws, experts believe that a patch may slow down computers by up to 30%.
According to The Register, where the information was first publically released, the Intel vulnerability allows hackers to access areas of the computer that shouldn’t be reachable. The flaws, known as Meltdown and Spectre, directly affects the kernel memory of the Intel chip.
Meltdown breaks the isolation between applications and the OS, allowing hackers to access the memory of programs and the OS itself. Spectre breaks the isolation between different applications down, allowing a hacker to trick error-free programs to leaking information.
These flaws allow apps to detect and read the operating system codes, look into other app’s memory banks, or even leak personal information such as passwords, login information, files, and more.
The patch will make the affected kernel completely invisible, but this comes at a price. According to The Register, making the kernel invisible would add a new process that will increase its overhead, slowing down the computer.
Since the problem is with the hardware itself, nothing short of an OS-level fix will be required for the affected operation systems, including Windows, Linus, and Mac. So far Windows has released an emergency patch for Windows 10, with patches for Windows 7 and Windows 8 to come next week. However, there seem to be some issues caused by some anti-virus softwares that can result in bluescreen errors.
Apple says they have also addressed the majority of their flaws with their last OS update, and they are currently testing new tweaks for their next update. Linux developers have also created a set of patches.
In addition to operating systems, many cloud services companies will need to release updates in order to keep themselves protected against the vulnerability. Microsoft Azure, Amazon AWS, and Google Cloud Platform have all reported that they are working on implementing new updates to bulk up security against Meltdown and Spectre. However, they have all stated that the impact of proposed update and have found that they have very little affect on performance in their benchmark tests.
If you want to know more about how these vulnerabilities may affect you and your business, call us at (585) 254-8710 to learn more about how you can strengthen your technology security.