Major security flaws put all phones and computers at risk

null

Two major security flaws that can affect nearly every computer, cloud server and smartphone in the world has been revealed.

The Meltdown and Spectre vulnerabilities are able to exploit weaknesses in modern processors made by Intel, with hardware made by ARM and AMD also affected, to access system memory on computers and other devices.

The "serious security flaws" could allow hackers to steal data contained on a device by launching malicious programs, which could then be used to access information such as passwords, documents, emails and more, according to The Register.

The news was uncovered by Google Project Zero security researchers, who found that the flaws affect hardware dating back as far as 1995, meaning nearly every modern computing device in the world is potentially at risk. The researchers added that the affected companies had been aware of the problem for some time, but had hoped to solve it before being uncovered.

"Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed," Intel confirmed in a press release.

The company added that fixes in the form of software updates or patches would be made available within the next few days, but has already come under fire for its slow reaction.

AMD and ARM both responded to the news faster than the American firm, with the latter confirming that some of its processors, including the Cortex-A chips used in many modern smartphones, have been affected.

In a statement, AMD said, "The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."

However some reports have claimed that Spectre may not be able to be fixed without completely redesigning the processors themselves, and that the patches needed to address the Meltdown vulnerability could slow down computers by as much as 30 per cent.

Google and Microsoft have both already said that their systems have been patched and protected against the flaws, safeguarding their Google Cloud and Azure platforms, with AWS also confirming a fix was being rolled out.

“AWS is aware of the issue described in CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754," an AWS spokesperson told ITProPortal. "This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices. All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours. We will keep customers apprised of additional information with updates to our security bulletin, which can be found here."