A serious design flaw reportedly present in all Intel’s CPUs made in the past ten years is leaving devices vulnerable to hackers, requiring an operating system (OS) update in order to fix it – and it has been reported that ARM and AMD are also at risk.
The Meltdown flaw allegedly affects all systems running Intel x86 chips and is present across all popular operating systems, including Windows, Linux and macOS. A second flaw, dubbed Spectre, affects Intel, AMD and ARM cores. Apple has confirmed that all iOS devices – including iPhones, Apple TV and iPads are also at risk from attack.
Ross Brewer, vice president and managing director of EMEA at security intelligence firm LogRhythm, has made the following commented: “This is without doubt the most disturbing issue to hit the industry for decades – with all modern processors, computing devices and operating systems affected. This really is the big one, and everyone – consumers and businesses alike – must pay attention. Not only is the attack surface the biggest we’ve seen, with so many devices at risk globally, the exposure window is also huge as it is reliant on people voluntarily patching their systems, which obviously has a significant lag. Though Intel have vowed to make every machine virtually immune to known superbugs such as Spectre and Meltdown, there are reports emerging today that shares were sold just before the vulnerability came to light. Of course, if this turns out to be true, this would be a big concern as it doesn’t align to the trusted ‘Intel Inside’ brand values that we as consumers all signed up to.
“Fear aside, attention must turn to the ‘what now’. Countless headlines are no doubt confusing for those just wanting to know how best to preserve the security around their data. For businesses, it’s never been more critical to understand the real-time behaviour of users across their networks. As this vulnerability opens the door to theft of credentials, logins and other private information, any unusual network activity needs to be detected, investigated and remediated as soon as it occurs.
“Last year, we all witnessed what can happen when unpatched machines are used to spread malware worldwide – and it’s safe to say that nobody wants a repeat of that. Consumers must also take time to understand what’s happened and learn how they can protect their phones, watches, computers and other devices through patching. While these exploits and the mechanics to leverage them are not yet public and we aren’t seeing any widespread compromises, once they become known, hacker groups will likely be quick to exploit them as we have seen in the past. Without the right action now, this will become a very serious timebomb, and we really will be only as strong as our weakest link.”