Intel, AMD and ARM respond to recent security findings
Intel are not the only ones with issues
Published: 3rd January 2018 | Source: Various Sources |
Intel, AMD and ARM respond to recent security findings
Intel has been the first to respond to the issue with an official statement, reporting that the "bug" or "flaw" is not exclusive to the company. Intel alleges that the issue affects "many types of computing devices — with many different vendors’ processors and operating systems" and that other brands are "susceptible" to these exploits.
Below is Intel's full statement on the matter, titled as "Intel responds to security research findings", revealing that performance impacts are "workload-dependent" and that Intel and other vendors planned to disclose the issue next week when "more software and firmware updates will be available".
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
The first thing to take from this is that this security issue is not exclusive to Intel products, though at this time it is unknown how much other vendors are affected by the problem. Both AMD and ARM are explicitly mentioned in the statement, both of which are major rivals of Intel's in the x86 and mobile CPU markets respectively.
An AMD patch is already in the process of making its way into Linux which prevents the security enhancing kernel features from applying to AMD hardware, suggesting that the company is not vulnerable. This patch makes it hard to believe Intel's statement entirely, as it implies that AMD is risking the security of their users by forgoing these changes. Hopefully, more information will come to light regarding how AMD is affected by this issue shortly.
Right now the performance impact of these kernel updates has only been found to hinder the performance of select workloads by any significant margin, mostly affecting web servers and I/O heavy tasks. These performance issues are not expected to be a big deal for home users, with early testing indicating that gaming workloads will be mostly unaffected.
(Both x86 and ARM processors seem to be affected by these issues (in different ways))
In a statement to Axios, ARM has confirmed that some of their chip architectures are affected by the issue, though malware has to run locally on affected systems to have any chance of accessing privileged memory. Some of the company's Cortex-A series of processors are affected.
This method requires malware running locally and could result in data being accessed from privileged memory,
Our Cortex-M processors, which are pervasive in low-power, connected IoT devices, are not impacted.
AMD has also released a short statement to Axios, confirming that their processors are not susceptible to all three variants of the exploit. The company goes as far as saying that their architectures are at a "near zero" risk, though we will have to wait for more details to be disclosed later today.
To be clear, the security research team identified three variants targeting speculative execution, The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.
What we know right now is that this security exploit is not exclusive to Intel processors, though judging from these statements from AMD and ARM Intel seems the least confident regarding the problem. AMD goes so far as to say their products are at "near zero" risk, making Intel appear to be the worse affected by this whole ordeal.
More information about this matter will be released shortly, with further updates from each company being set to shed some light on the subject.
You can join the discussion on Intel, AMD and ARM's statements regarding recent security findings on the OC3D Forums.