Reports this morning that Intel processors are affected by a serious flaw that may reduce performance significantly hit the company’s credibility and stock hard. Intel has now officially responded to these reports, calling them “incorrect” and “inaccurate,” and saying it had planned to discuss this very issue next week.
The flaw makes it possible for ordinary users and processes to access data deep in the inner mechanisms of the processor and architecture — specifically, kernel memory. The possibilities for bad actors taking advantage of such a gaping hole are numerous, and unfortunately there is no easy solution that does not also slow the processor’s operations considerably.
In its statement, issued “because of the current inaccurate media reports,” Intel writes:
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
In other words, it’s not just them. This may seem like deflection, but it’s also possible that the issue is more widespread than just Intel hardware — and Intel isn’t likely to blow smoke with a claim that can’t be verified. Other major chip and OS companies are almost certainly all already aware of the problem; indeed, Intel says some were about to make a joint announcement:
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively.
Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available.
You can expect more official details then and likely not before; joint disclosures of major security issues by billion-dollar companies tend to come out on their own time.
Intel downplayed the performance hit: “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” the statement read.
That’s good, but no doubt the impact will be measured carefully by benchmarks and explained in detail — some setups and applications will surely be affected more than others.