MANDEL NGAN/AFP/Getty Images
show image

Oscar Williams

News editor

Intel’s Brian Krzanich pledges to put security first following Meltdown and Spectre flaws

Intel CEO Brian Krzanich has pledged in an open letter to the tech industry to put security first after major vulnerabilities were discovered in the firm’s processors.

Krzanich promised that Intel would now publicly identify significant vulnerabilities following responsible disclosure rules, while sharing hardware innovations to tackle side-channel attacks.

“We also commit to adding incremental funding for academic and independent research into potential security threats,” he wrote.

The two security flaws affect millions of computers, tablets and mobile phones and could expose sensitive data to hackers. Google, Microsoft, Apple, Linux and Amazon are among the firms to have already shipped patches to protect against them.

The first flaw, dubbed Spectre, affects chips made by Intel, AMD and ARM. The second, dubbed Meltdown, affects Intel chips and one ARM chip.

Krzanich said that software and firmware patches for at least 90 per cent of Intel CPUs introduced in the last five years would be available today (11 January), with the remainder to be rolled out by the end of the month.

Microsoft published a blog last week detailing how Spectre and Meltdown mitigations would affect the performance of different Windows systems. Users of Windows 10 running on newer CPUs such as Skylake and Kaby Lake show minor slowdowns that most users should not expect to notice, the firm said.

Meanwhile, it warned that some users of Windows 10 running on older CPUs would notice a decrease in performance, while most users of Windows 7 or Windows 8 would notice a change once the updates had been installed.

Krzanich acknowledged that the patches could affect performance: “We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information.”

He also called on hardware and software developers to take the same approach: “Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.”

The Information Commissioner’s Office warned last week that firms which fail to patch against Meltdown and Spectre microprocessor bugs could face fines if they lead to a data breach.

Nigel Houlden, head of technology policy at the ICO, said: “We strongly recommend that organisations determine which of their systems are vulnerable, and test and apply the patches as a matter of urgency.”