Intel has confirmed reports that a security vulnerability affecting its processors.

In a statement, Intel says the company doesn’t believe the security exploit could be used to modify, delete, or corrupt data… but stealing your passwords and other sensitive information is probably bad enough, which explains why a massive effort is underway to address the issue through operating system updates.

Intel says it’s working with other technology companies to resolve the issue… and notes that it doesn’t just affect Intel processors.

The chip maker says it had planned to disclose the issue next week, after more of the necessary software and firmware updates were available. But Intel released its brief statement today “because of the current inaccurate media reports.”

So what’s inaccurate? First, the company suggests that there’s no “bug” or “flaw” in its chips, but rather than an exploit has been discovered that can collect sensitive data from “computing devices that are operating as designed.”

That one sounds open to interpretation to me. The chips and software work… but they’re vulnerable to a previously undisclosed method of attack. Is that a bug? Apparently Intel doesn’t think so.

Intel also says “contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should to be significant and will be mitigated over time.”

That’s actually in keeping with what we noted earlier today: some activities such as gaming seem to be largely unaffected. But as discovered by Phoronix, some tasks, like PostgreSQL and Redis seem to take serious performance hits on a Linux system with the updated version of the Linux Kernel designed to address the security vulnerability.

So you may or may not notice a big performance hit depending on what it is you’re using your computer for.

Finally, Intel also says that it’s not the only company whose products are affected and that the company is “working closely with many other technology companies, including AMD, ARM Holdings, and several operating system vendors” on the issue.

Despite the implication that AMD chips are affected, an AMD software engineer has explicitly that the company’s chips are not subject to the same types of attacks.

It’s probably not surprising that Intel’s stock price ended the day about 3.4 percent lower than yesterday, while AMD’s stock price was up more than 5 percent at the end of the day.

Update: Google’s Project Zero team discovered the vulnerabilities in 2017 and has been working with technology companies to mitigate the issue. The company lays out the details about the exploits, code-namedSpectre and Meltdown, in a blog post.

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

6 replies on “Intel issues statement on security vulnerability”

  1. “Is that a bug?”

    IMHO a bug is an unintended mistake in code, or perhaps design flow.

    So this is not a bug, but a fundamental design flaw (because it is behaving as it was intended not realizing the consequences), which, of course, is far worse.

  2. > Intel’s stock price ended the day about 3.4 percent lower than yesterday, while Intel’s stock price was up more than 5 percent at the end of the day.

    Did you mean AMD’s stock was up?

      1. Are you interested in how this patch affects Gaming Performance on Intel devices?
        Its one of the last-frontiers where they have an edge on AMD.
        Maybe this will be the equaliser, or maybe it won’t affect the imbalance at all.

        I don’t think Gaming Performance is important, however, its hugely important from a marketing and mindshare viewpoint. So if AMD snags this victory, it might mean they’ve become much more competitive in the market space.

  3. I agree, the statement does sound disingenuous. If it turns out that the all the other CPUs Intel mentioned are not affected in any way by this specific bug, I will definitely be taking my business elsewhere.
    AMD did have a TLB bug in their early Phenom cpu and I avoided them for a while.

Comments are closed.