Serious vulnerability found in processor chips made by lead vendors

Researchers from several corporate and university centres have revealed critical vulnerabilities in the processor chips made by lead vendors, such as Intel, AMD, ARM and Qualcomm. The two exploits of these vulnerabilities, presented by researchers and dubbed Meltdown and Spectre, allow attackers to access memory of the computers’ kernel – a core programme of a computer’s operating system (OS) – and thereby extract otherwise protected data. Early warnings by the prestigious computer emergency response centre – CERT – of the Carnegie Mellon University (CMU) suggested the vulnerability is embedded in the design of the chip architecture, and the replacement of the hardware may be necessary in all the devices that operate the vulnerable chips. Later report of the CMU CERT, however, suggests that software patches by main vendors of OS – Microsoft, Apple, Google, Amazon, and the Linux – may help as well, likely also because the initially suggested option of replacing hardware of most of computers around the world is not viable. Major OS vendors have promptly worked with chip producers and released critical patches, yet there are reports that their application slows down the work of machines significantly. Number of lawsuits have been raised against Intel in the US already. Reports that the vulnerability was actually discovered months ago, re-opened a debate on how to keep the vulnerability confidential until the patch is ready, in sync with broad cooperation among hardware, software, antivirus and other vendors on producing and disseminating patches.