AMD isn’t having it … saying that their chips are architecturally different – with near zero risk. All I can say is … if it’s based on the x86 platform, then it’s at risk.
That major security flaw attributed to Intel chips might not be so Intel-specific after all. After hours of silence, Intel has posted a response denying some of the claims about the exploit, which is believed to revolve around identifying content in an operating system kernel’s protected memory space. The chip giant shot down reports that the issue was unique to its CPUs, noting that it’s working with AMD and ARM (not to mention multiple OS makers) to create a solution — sorry, you’re not safe because you have a Ryzen rig. It also reminded people that the performance hit of the fix would be “workload-dependent,” and shouldn’t be noticeable for the “average computer user.”
The company also asserts that this isn’t a flaw, but rather “software analysis methods” that could potentially grab sensitive info from computing devices. It doesn’t appear to have the ability to corrupt, delete or modify data, Intel added, although that wouldn’t be much comfort if someone took sensitive material. There have been “no instances” of people abusing the vulnerability, Intel chief Brian Krzanich told CNBC.
Update: AMD isn’t having Intel’s claims that the issue is hardware-independent. In its own statement, it asserted that architecture differences meant that there was “near zero risk” to AMD-made processors. That lines up with the initial report, which referenced communication from AMD suggesting that its processors weren’t vulnerable. There’s clearly a he-said-she-said dispute going on, and it may be a while before we get the full story. You can read the full statement below.
“Hi – There is a lot of speculation today regarding a potential security issue related to modern microprocessors and speculative execution. As we typically do when a potential security issue is identified, AMD has been working across our ecosystem to evaluate and respond to the speculative execution attack identified by a security research team to ensure our users are protected.
“To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.”
Update 2: The embargo on the vulnerabilities has expired early, and we now have a clearer idea of what they are. Meltdown is the one at the heart of the issue, and uses speculative execution to break the “fundamental isolation” between apps and the OS in a bid to swipe data. Spectre, meanwhile, uses a similar approach to break walls between otherwise secure apps. In fact, the safety checks of some of those apps actually make them more vulnerable. It’s more difficult to exploit Spectre, but it’s also more difficult to stop.
Google and Microsoft have already outlined what they’re doing. Google says Android phones with the latest security update are safe, as are Google Apps, Google App Engine and smart home devices like Google Home, Chromecast and Google WiFi. You’ll want to enable the Site Isolation feature on Chrome or Chrome OS, however. Microsoft, meanwhile, has issued a rare off-schedule Windows security update to address the problem.