A security report has emerged that most of the computers and smartphones with Intel, AMD and ARM chipsets are vulnerable to getting hacked.
Previously, it was reported (by The Register) that only Intel chips had fundamental design flaws that allowed cybercriminals to run malicious codes remotely to read the protected memory of the device, but later, Intel refuted the claim that only theirs was flawed.
It has come to light that AMD and ARM Holdings, among other chipsets too, have this serious flaw and have been notified by Google's Project Zero research team.
According to Google Project Zero, there are two major flaws—one, has two versions: CVE-2017-5753 and CVE-2017-5715 dubbed as 'Spectre', and the second: CVE-2017-5754 is called as 'Meltdown'.
During testing, Project Zero researchers discovered the aforementioned security flaws, which took advantage of 'speculative execution,' a technique used by most modern processors (CPUs) to optimise performance.
Cybercriminals using malicious codes on speculative execution were able to read the protected system memory that should have been inaccessible. For example, an unauthorised party may read sensitive information in the system's memory such as passwords, encryption keys, or sensitive information open in applications.
Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
We come to understand that 'Spectre' is more severe compared to the 'Meltdown', as the latter can affect harm only Intel processor-based devices, while the former can harm all brands of CPU chipsets and its effect will more widespread.
Thankfully, both the vulnerabilities can be easily fixed by a software update. Intel is in talks with other chipmakers to release the security firmware as soon as possible.
"Intel is committed to the product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," the company said in a statement.
Search engine giant, Google has already notified the issue to affiliated to OEMs (Original Equipment Manufacturers) to update their Android mobiles and Chrome-powered notebooks. Google Pixel and Nexus, which recently received the January security patch, earlier this week, come with the fix for the flaws. Others are yet to follow the suit.
As far as the Linux, Microsoft Windows and Apple MacOS-powered computers are yet to receive the security patch, but the wait won't be long.