A recent report has revealed that flaws in computer chips could leak passwords and other sensitive data on billions of computers and other electronic devices, including smartphones.
CNN Tech reported Thursday that the U.S. government-funded Software Engineering Institute warned consumers that chips need to be replaced in order to completely rectify the problem.
Existing inside of processors, the two flaws are called Meltdown and Spectre.
Modern processors are built to perform “speculative execution,” which CNN Tech describes as the manner by which the processors predict which tasks will be commanded and “rapidly access multiple areas of memory at the same time.”
The data accessed is meant to be secure.
However, researchers have discovered that in some instances, user information can be exposed while the processor queues it up.
What’s more, researchers believe the Spectre bug affects almost all computing systems. Meltdown, however, appears to be unique to computers housing an Intel INTC chip. Affected companies include Microsoft, Google and Apple.
In the case of Meltdown, the flaw breaks the isolation between the operating system and user applications, allowing a program to access the device’s memory (including security features ) according to Meltdownattack.com. The issue affects personal computers and cloud storage.
Experts warn that it is not safe to work with sensitive information on an un-patched computer.
There are currently some patches available for Windows and OSX, as well as Linux, according to Meltdownattack.
Experts say that Spectre, meanwhile, breaks down the isolation between different applications.
This issue would allow an attacker to manipulate even supposedly error-free programs — which utilize best practices — into exposing security secrets.
Although these vulnerabilities are a major concern, the U.S. Computer Emergency Readiness Team indicated that the agency is not currently aware of anyone using the flaws to attack vulnerable tech users.
Moreover, the Software Engineering Institute told CNN Tech that “fully removing the vulnerability requires replacing vulnerable (processor) hardware.”
On Thursday, the institute revised its guidelines to indicate that software updates were enough.
No further explanation was provided for the update in those guidelines, and the institute did not respond to CNN Tech’s request for more information.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.