Intel and its partners reported they have “made significant progress” in releasing software and firmware updates to protect systems against the recently disclosed CPU attacks. According to the company, the security patches should be available for most of its new products by the end of this week.
Last week, the security experts revealed the details of the two new side-channel attacks targeting CPUs from Intel, AMD and ARM – Spectre and Meltdown.
The CPU attacks leverage three different flaws and can be used to bypass memory isolation mechanisms and gain access to sensitive data, such as emails, passwords, documents, and photos.
According to the researchers, the Spectre flaws may be remotely exploited by hackers in targeted or massive attacks very soon.
AMD pointed out that there is a “near zero risk” to its customers, while ARM stated that only a few of its Cortex processors have been impacted.
On Thursday, Intel told its customers that system manufacturers have been provided firmware and software updates against Spectre and Meltdown for processors launched in the last five years.
According to the experts, almost every Intel processor made since 1995 is impacted. Now, it’s up to the system manufacturers to distribute the security patches.
“By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” Intel stated.
Regarding the mitigations that the Spectre and Meltdown vulnerabilities can introduce performance penalties of as much as 30%, Intel noted that the average users will notice no difference at all.
Intel cited Google, Microsoft, Apple, and Amazon, who said that the mitigations did not create any noticeable performance issues so far.
Due to Spectre and Meltdown vulnerabilities, the Intel stock lost 6% in value shortly after the disclosure.
The most effective protection against the CPU attacks is the use of kernel page table isolation (KPTI), a hardening technique designed by security experts at the Graz University of Technology in Austria to isolate kernel space from user space memory.
Google researchers independently found the flaws and also created a novel mitigation called Retpoline.
Additionally, some other huge tech companies like Apple, Google, Microsoft, VMware, and Red Hat have already started releasing software updates and workarounds to resolve the security flaws.
