Qualcomm confirms its hardware is affected by Meltdown & Spectre

Qualcomm confirms its hardware is affected by Meltdown & Spectre

Microsoft and Linux were the first out of the gate with patches to protect against the vulnerabilities, which can be exploited through a web browser and allow access to supposedly-protected kernel memory regions - allowing a malicious advert, for example, to steal passwords and other privileged information.

Meltdown and Spectre are what are known as exploits, vulnerabilities or weaknesses, even though they are being reported widely as bugs or flaws on central processing units (CPUs), the computer chips at the heart of every PC or smartphone. It is unclear if it is impacting AMD or ARM processors. Researchers, including ones employed by the likes of Google, various tech firms, and academic institutions, independently discovered the flaws past year. A selection of Arm Cortex-A and Cortex-R CPU core designs are vulnerable to the CVE-2017-5753 and CVE-2017-5715 Spectre vulnerabilities, but only one - the Cortex-A75 - is also vulnerable to the easily exploitable CVE-2017-5754 Meltdown flaw.

The Guardian reports that Intel has been hit with three separate class action lawsuits filed in California, Indiana and OR in response to the disclosure - Spectre affects a wide range of different processors, but Meltdown primarily impacts Intel processors made after 1995. At the scale of a data center, such a performance hit could be severely detrimental to operations.

Intel also played down concerns about slowed performance because of the updates, noting that for the "average computer user", the impact should not be significant and will lessen over time.

Get Data Sheet, Fortune's technology newsletter.

Since the public announcement, other companies have rushed forward to state that patches are in the works. The companies were, in some cases, forced to act sooner than anticipated as news of the chip flaws began to trickle out online, causing the corporations to advance their disclosure timelines by a week.

Project Zero researcher Jann Horn showed that hackers could take advantage of this flaw to read system memory that should be out of bounds. No other details are provided, however, as to what these measures will include.

In response, Google, Amazon and Microsoft have already issued emergency patches for their cloud services. Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday.

"While the vast majority of computing devices are impacted by these flaws, the sky is not falling", he said. "The remaining ones will be completed in the next several hours, with associated instance maintenance notifications". The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications. While the U.S. Department of Homeland Security's computer security advisory group US-CERT has suggested replacing affected CPUs, industry experts have countered that the recommendation is unfeasible.

Are patches for both vulnerabilities available yet?

"It is not easy to fix, it will haunt us for quite some time", Spectre's discoverers warned.

Related Articles