- Reuters/ Robert Galbraith
- Intel says that it’s already sending out fixes for the massive “Meltdown” and “Spectre” security bugs, with 90% of recent processors getting the patch by the end of next week.
- Google had previously said that there is no single way to guard against the Spectre attack.
- But Intel now says it can make its processors “immune.”
Intel says that it’s already starting to send out software updates that will make its processors “immune” to the “Meltdown” and “Spectre” hacks that were first revealed on Wednesday. The bugs could make it possible for a hacker to access sensitive information, like photos or passwords, from almost every PC, phone, and tablet.
“By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” Intel said in a press release Thursday.
That still leaves a long way to go: The Meltdown and Spectre attacks are believed to present a threat to almost any Intel processor made since 1995. But safeguarding the last five years’ worth of chips is a good start.
The really interesting wrinkle is that Intel is claiming that it has a fix for “Spectre” at all.
When Google’s Project Zero lab first disclosed the vulnerabilities, it said that it was possible to guard against Meltdown with software patches. So far, Meltdown has only been shown to run on Intel processors. It’s comparatively easy to pull off a Meltdown attack, said Google, but it’s also easier to detect and ward off with software.
But Spectre is different. It’s harder to write and execute a Spectre attack, says Google. But it’s also much harder to fortify against – Spectre can work on most Intel processors and many AMD and ARM processors, and the only known surefire way to completely safeguard against it is to simply not use a vulnerable processor.
That’s harder than it sounds, given that almost every modern processor is, indeed, vulnerable. Spectre won’t be stamped out entirely until processors stop relying on a concept known as “speculative execution,” which is a cornerstone of modern chip design. That’s going to take time. Which, in turn, is why Google named it Spectre.
“As it is not easy to fix, it will haunt us for quite some time,” the official Meltdown/Spectre FAQ says.
It’s not immediately clear how to reconcile that prognosis with Intel’s claim that it has figured out how to defend against Spectre using software – Intel’s announcement effectively contradicts what the Project Zero security experts told the world just yesterday.
We’ve reached out to Intel for additional comment and will update if we hear back. Intel stock was down 1.83% at the bell.