Security flaws put virtually all phones, computers at risk
Reuters, Jan 3 2018

Security researchers today disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM. One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

Researchers with Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws. The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords and cached files. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

The researchers said Apple and Microsoft had patches ready for desktop computers affected by Meltdown. Microsoft said a majority of its Azure cloud services used by businesses had already been patched and protected and that it is issuing a Windows security update. "We have not received any information to indicate that these vulnerabilities had been used to attack our customers," Microsoft said in a statement.

Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it "probably one of the worst CPU bugs ever found." Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term.