Qualcomm confirms its hardware is affected by Meltdown & Spectre

Qualcomm confirms its hardware is affected by Meltdown & Spectre

Microsoft and Linux were the first out of the gate with patches to protect against the vulnerabilities, which can be exploited through a web browser and allow access to supposedly-protected kernel memory regions - allowing a malicious advert, for example, to steal passwords and other privileged information.

Meltdown and Spectre are what are known as exploits, vulnerabilities or weaknesses, even though they are being reported widely as bugs or flaws on central processing units (CPUs), the computer chips at the heart of every PC or smartphone. It is unclear if it is impacting AMD or ARM processors. Researchers, including ones employed by the likes of Google, various tech firms, and academic institutions, independently discovered the flaws past year. A selection of Arm Cortex-A and Cortex-R CPU core designs are vulnerable to the CVE-2017-5753 and CVE-2017-5715 Spectre vulnerabilities, but only one - the Cortex-A75 - is also vulnerable to the easily exploitable CVE-2017-5754 Meltdown flaw.

The Guardian reports that Intel has been hit with three separate class action lawsuits filed in California, Indiana and OR in response to the disclosure - Spectre affects a wide range of different processors, but Meltdown primarily impacts Intel processors made after 1995. At the scale of a data center, such a performance hit could be severely detrimental to operations.

Intel also played down concerns about slowed performance because of the updates, noting that for the "average computer user", the impact should not be significant and will lessen over time.

Get Data Sheet, Fortune's technology newsletter.

Since the public announcement, other companies have rushed forward to state that patches are in the works. The companies were, in some cases, forced to act sooner than anticipated as news of the chip flaws began to trickle out online, causing the corporations to advance their disclosure timelines by a week.

Project Zero researcher Jann Horn showed that hackers could take advantage of this flaw to read system memory that should be out of bounds. No other details are provided, however, as to what these measures will include.

In response, Google, Amazon and Microsoft have already issued emergency patches for their cloud services. Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday.

"While the vast majority of computing devices are impacted by these flaws, the sky is not falling", he said. "The remaining ones will be completed in the next several hours, with associated instance maintenance notifications". The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications. While the U.S. Department of Homeland Security's computer security advisory group US-CERT has suggested replacing affected CPUs, industry experts have countered that the recommendation is unfeasible.

Are patches for both vulnerabilities available yet?

"It is not easy to fix, it will haunt us for quite some time", Spectre's discoverers warned.

Related Articles

  • Mueller ready to question Donald Trump over Russian links

    Mueller ready to question Donald Trump over Russian links

    Gayle King on the possibility of her friend Oprah Winfrey running for president: "I do think she's intrigued by the idea". Clinton then negotiated to testify before a grand jury via video and audio link from the White House Map Room.
    Well-Known Australian Teenager Becomes New Face Of Cyber-Bullying Victims

    Well-Known Australian Teenager Becomes New Face Of Cyber-Bullying Victims

    He also gave his daughter's bullies a chance to see the repercussions of their actions by inviting them to Dolly's funeral. At 8 years old, she was part a well-known Australian ad campaign for the hats as a real-life member of a cattle family.

    The Tick, Amazon drops new trailer for second half of season 1

    Something awful is going to happen, and Destiny needs her champions now more than ever. The first half of The Tick season 1 debuted on Amazon Prime Video on August 25.
  • Bond yields hit multi-month highs on heavy supply and BOJ speculation

    Bond yields hit multi-month highs on heavy supply and BOJ speculation

    The yield on Germany's 10-year government bond, the benchmark for the bloc, was 2 bps higher at one stage at 0.48 percent. Brent crude rose 0.5% to $69.15 per barrel, staying near its highest level since mid 2015.
    Firefighters rescue 14-year-old girl from California home destroyed by mudslides

    Firefighters rescue 14-year-old girl from California home destroyed by mudslides

    It was 92 percent contained, and officials don't expect full containment until later this month. "That's definitely at play here". In January 2005 , a landslide struck La Conchita in Ventura County, killing 10 people and destroying or damaging 36 houses.

    BidaskClub Downgrades Discovery Communications (DISCA) to Hold

    According to their observations and findings, the stock could provide a high EPS of $0.61/share and a low EPS of $0.3/share. Of those analysts, no rate stock as a Strong Buy, 2 rate it as Hold, and just no analyst rates it as a Moderate Sell.
  • Plummeting temperatures brings the chance for rain, freezing rain, and snow

    Plummeting temperatures brings the chance for rain, freezing rain, and snow

    It was the first time for many locations since Christmas morning as the sunny skies helped temperatures soar past 40 degrees. Because of the higher moisture content, and the slightly warmer temperatures, roadways will probably be damp this morning.
    Cast Defends Roseanne Conner's Trump Vote

    Cast Defends Roseanne Conner's Trump Vote

    According to Barr, the series will take on some of Trump's presidency, as it is a show about a working class family. Sarah Chalke, who played the character Becky in later seasons, will also appear as new character Andrea.

    Amazon.com, Inc. (AMZN) Stake Decreased by Level Four Advisory Services LLC

    It turned negative, as 64 investors sold KMB shares while 404 reduced holdings. 57 funds opened positions while 112 raised stakes. Following the transaction, the director now owns 17,114 shares of the company's stock, valued at $20,583,692.36. (NASDAQ:AMZN).
  • How Analysts Feel About NXP Semiconductors NV (NASDAQ:NXPI)?

    The fund owned 1,087,512 shares of the semiconductor provider's stock after buying an additional 363,800 shares during the period. The stock of NXP Semiconductors N.V. (NASDAQ: NXPI ) has "Sector Weight" rating given on Tuesday, November 1 by Pacific Crest.
    India's private moon mission in danger of being called off

    India's private moon mission in danger of being called off

    They have much work ahead", AS Kiran Kumar, ISRO Chairman had said during an industry meet in Delhi last month. The Peregrine is expected to be able to carry 265 kg of payloads and already has 11 deals from six countries.
    UIDAI introduces virtual ID, limited KYC for Aadhaar card holders

    UIDAI introduces virtual ID, limited KYC for Aadhaar card holders

    Recently, UIDAI was under tremendous pressure, thanks to an Aadhaar-data leak claim at just Rs 500 from the Tribune newspaper. The limited KYC system along with the Virtual ID might go a long way in allaying the nation's doubts.