Intel has confirmed reports that a security vulnerability affecting its processors.
In a statement, Intel says the company doesn’t believe the security exploit could be used to modify, delete, or corrupt data… but stealing your passwords and other sensitive information is probably bad enough, which explains why a massive effort is underway to address the issue through operating system updates.
Intel says it’s working with other technology companies to resolve the issue… and notes that it doesn’t just affect Intel processors.
The chip maker says it had planned to disclose the issue next week, after more of the necessary software and firmware updates were available. But Intel released its brief statement today “because of the current inaccurate media reports.”
So what’s inaccurate? First, the company suggests that there’s no “bug” or “flaw” in its chips, but rather than an exploit has been discovered that can collect sensitive data from “computing devices that are operating as designed.”
That one sounds open to interpretation to me. The chips and software work… but they’re vulnerable to a previously undisclosed method of attack. Is that a bug? Apparently Intel doesn’t think so.
Intel also says “contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should to be significant and will be mitigated over time.”
That’s actually in keeping with what we noted earlier today: some activities such as gaming seem to be largely unaffected. But as discovered by Phoronix, some tasks, like PostgreSQL and Redis seem to take serious performance hits on a Linux system with the updated version of the Linux Kernel designed to address the security vulnerability.
So you may or may not notice a big performance hit depending on what it is you’re using your computer for.
Finally, Intel also says that it’s not the only company whose products are affected and that the company is “working closely with many other technology companies, including AMD, ARM Holdings, and several operating system vendors” on the issue.
Despite the implication that AMD chips are affected, an AMD software engineer has explicitly that the company’s chips are not subject to the same types of attacks.
It’s probably not surprising that Intel’s stock price ended the day about 3.4 percent lower than yesterday, while AMD’s stock price was up more than 5 percent at the end of the day.
Update: Google’s Project Zero team discovered the vulnerabilities in 2017 and has been working with technology companies to mitigate the issue. The company lays out the details about the exploits, code-namedSpectre and Meltdown, in a blog post.