Intel, Microsoft And Google Has Discovered Low-Risk Chips Flaws!
Cybersecurity researchers have discovered low-risk chips flaws.
Researchers have found new flaws in modern computing chips. The flaws are related to Spectre and Meltdown that were already emerged in January. The newest problem, known as Speculative Store Bypass or Variant 4, same family as the original flaws, and disclosed on May 21, by security researchers at Microsoft Corp and Alphabet Incs’ Google. The flaws can affect many chips at Intel Corp, Advance Micro Devices Inc and Softbank Group’s ARM holdings. But the researcher describe it low-risk flaws as the web browser patches already issued earlier to address Spectre. But the risk could only mitigated not eradicated.
The Meltdown and Spectre flaws emerged in January can access the sensitive data or passwords stored on chips. German computer science magazine reported earlier this month that ‘next generation’ flaws found on intel’s chips are likely to disclose this month. Though the Intel decline to comment on the issue but later it announce the news.
Microsoft research concludes that the patches issued for common web browsers in earlier this year greatly reduce the risk of attack with new discovered flaws. Chips from Intel, ARM and ADM has patches available directly or either through software providers such as Microsoft. Intel, Microsoft and AMD have released advisories to timely update the software and hardware as well. Intel expects performance slowdown between 2-8 percent while ARM expects slowdown of 1-2 percent.
However, Intel said as the risk of real-world attack is low, it would ship the patches turned off by default, giving users the choices whether they want to turn it on or not. Due to difficulty of attacks AMD also advice to turn off the patches.
The chipmakers’ stock price does not appear to effect with these security problems. Intel has reaffirmed that expanding their bug bounty program and other measures. This will help to counter upcoming threats and the possibilities of comprising cyber security.