Intel CEO Brian Krzanich at the IDF developer conference in 2016. Krzanich said updates will be available for 95 percent of systems affected by the Spectre and Meltdown vulnerabilities by the end of next week.
Stephen Shankland/CNETHoping the Meltdown and Spectre security problems might mean Intel would be buying you a shiny new computer after a chip recall? Sorry, ain't gonna happen.Intel famously paid hundreds of millions of dollars to recall its Pentium processors after the 1994 discovery of the "FDIV bug" that revealed rare but real calculation errors. Meltdown and Spectre are proving similarly damaging to Intel's brand, sending the company's stock down more than 5 percent.But Intel CEO Brian Krzanich said the new problems are much more easily fixed -- and indeed are already well on their way to being fixed, at least in the case of Intel-powered PCs and servers. Intel said Thursday that 90 percent of computers released in the last 5 years will have fixes available by the end of next week."This is very very different from FDIV," Krzanich said, criticizing media coverage of Meltdown and Spectre as overblown. "This is not an issue that is not fixable... we're seeing now the first iterations of patches."The vulnerabilities, announced Wednesday by Google and other researchers, open a new avenue of attack on PCs, phones, and servers -- computing devices using chips designed by Intel, Arm and, to a lesser degree, AMD. If an attacker manages to place malicious software on your device, it could use Meltdown or Spectre to listen in on other software whose data is supposed to be secure from eavesdropping within the system. That could mean an attacker could get access to passwords, encryption keys and other extremely sensitive data.The attacks involve a modern chip feature called speculative execution. Patches to fix the problem affect operating systems, web browsers and the operation of the processors themselves. Tech companies are scrambling to release updates to protect against Spectre and Meltdownafter news of the vulnerabilities started slipping out ahead of a planned coordinated announcement.One concern has been that the fixes for Meltdown and Spectre will degrade performance. Krzanich flatly denied it. "For the real-world applications... it's minimal impact," he said.Intel, working with makers of computers and their operating system software, plans patches that'll bring "complete mitigations" to computers using Intel chips designed in the last five years, said Steve Smith, Intel's general manager for data center engineering. The majority are already done, Krzanich said. For chips up to 10 years old, fixes will be released in coming weeks for the "vast majority" of Intel chips, Smith said.
No comments: