The recently discovered design flaw in Intel-branded processors has gained plenty of attention, but now Intel is weighing in and trying to tame the spreading flames.
Update: Both AMD and ARM have responded to the design flaw. AMD says that there is a “near zero risk” with its own processors, while ARM has admitted that its own efforts are susceptible to vulnerabilities.
Here are the statements:
“There is a lot of speculation today regarding a potential security issue related to modern microprocessors and speculative execution. As we typically do when a potential security issue is identified, AMD has been working across our ecosystem to evaluate and respond to the speculative execution attack identified by a security research team to ensure our users are protected.
To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.”
And from ARM, by way of CNET:
— CNET (@CNET) January 3, 2018
The original article follows below.
The company has officially published a statement on its website, saying first that the company planned to disclose the flaw next week on its own terms, and that, at that time, additional software patches would be made available to address the problem. However, the statement it is making today is due to “inaccurate media reports,” adding that the design flaw is not an exclusive flaw to Intel-branded processors.
Moreover, the company says that the exploit cannot be used to modify, corrupt, or delete data. The company’s statement does not directly comment on the design flaw allowing for the exploit to read kernel data, for what it’s worth.
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
As it stands right now, Intel says that it is working with a variety of different companies, including ARM, along with operating system vendors, in a all-hands-on-deck sort of way, so that the issue can be fixed in a timely manner. When that broad fix will arrive, however, is not stated in the official statement.
For what it’s worth, it has already been reported that macOS is patched. Specifically, Apple updated its operating system to address the design flaw with the public release of macOS 10.13.2. So while other companies are currently working to fix the problem in their own computers, it looks like Apple has already patched the problem.
The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 — and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you). cc @i0n1c @s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63
— Alex Ionescu (@aionescu) January 3, 2018
You can read Intel’s full statement through the source link below.
Intel’s statement, while trying to lay blame across the board, does come off as pretty defensive. But perhaps that’s understandable, considering it is Intel that is being thrown under the bus for the particular design flaw and available exploits. However, it sounds like the company is doing what it can to fix the problem, and with software updates being planned soon, a widespread fix should be available soon.[via Intel]