show image

Oscar Williams

News editor

Tech companies scramble to issue patches for chip flaws

Tech companies are scrambling to ship patches to protect devices from two vulnerabilities found in popular CPU chips.

The flaws were uncovered by security researchers at Google who have warned that they could be used to steal users’ data.

The first flaw, dubbed Spectre, affects chips made by Intel, AMD and ARM. The second, dubbed Meltdown, affects Intel chips and one ARM chip.

Google’s researchers had been due to publicly disclose the flaws next week, after firms had taken measures to protect their devices. But the Register scooped them, forcing firms to urgently issue patches before the bugs could be exploited.

A spokesperson for the National Cyber Security Centre said there was no evidence of malicious exploitation to date, but added: “The NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches as soon as they become available.”

The Register has reported that the security fixes could slow down the performance of the chips by between five and 30 per cent. The fix reportedly involves separating the memory reserved for the operating system and the memory for other processes.

Nigel Houlden, head of technology at the Information Commissioner’s Office, said all organisations have a duty to keep personal information in their care secure.

“That involves having layered security defences in place, including procedures for applying patches and updates, to help to mitigate the risk of exploitation,” he added.

“Many types of computing devices – with many different vendors’ processors and operating systems – are susceptible to these exploits,” said Intel. ARM said it had shared patches with its customers, while AMD claimed there was “near zero risk” to its products.