These bugs affect all devices made in the last 25 years

Jan 3, 2018 23:36 GMT  ·  By

The security flaw found in Intel CPUs, which Intel confirmed to affect other types of computing devices, just got to a whole new level as security researchers revealed details on two critical vulnerabilities that put billions of devices at risk of attacks.

Dubbed Meltdown and Spectre, the two hardware bugs found in Intel processors affect almost every computing device that was made in the past two decades, no matter if it's a mobile phone or a personal computer. They allow malicious programs to steal sensitive data processed on the affected machine, and we're talking about billions of devices here.

"While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents," reads the dedicated website.

Machines running in the cloud appear to be the most affected by the two vulnerabilities (CVE-2017-5753 and CVE-2017-5715 for Spectre, and CVE-2017-5754 Meltdown) as it's possible to steal data from other customers as well, but any computer with a modern process is at risk of attacks if the operating system they're running isn't updated to the latest available software release that includes patches for these bugs.

Spectre bug will haunt us for quite some time, say the researchers

Every processor made since 1995, with the exception of Intel Itanium and Intel Atom CPUs released before 2013, are affected by these vulnerabilities, no matter if you're using Windows, Linux, macOS, Android, Chrome OS, or FreeBSD. The Meltdown and Spectre bugs were reported by security researchers working for Google's Project Zero, Cyberus Technology, and Graz University of Technology.

They confirmed that the Spectre bug is the most dangerous of the two and it's not easy to fix. The security researchers even go as far to say that it will haunt us for quite some time. While they affect mostly Intel CPUs, but some AMD processors and ARM's Cortex-A chips are also prone to this new class of attack. However, AMD denied any of its processors are vulnerable.

Google’s Project Zero team even disclosed the affects of the critical security flaws caused by the "speculative execution" technique used by most modern processors to optimize performance, despite the January 9 embargo, and urged users to update their Android and Chromebook devices to the latest software versions Google released recently. Android users must ensure they have the January 2018's security patch installed.

Microsoft appears to have released an emergency patch today that fixes the two security vulnerabilities, and Apple already patched at least one of the bugs in the macOS 10.13.2 software update, planning more fixes in the upcoming macOS 10.13.3 High Sierra release coming by the end of the month. Linux users are safe as long as they run the latest Linux kernel version available for their operating systems.