Researchers have discovered two security flaws in the vast majority of computer chips produced in recent years, including one that could theoretically affect just about every personal computer, mobile device, and cloud server.
The flaws, nicknamed Meltdown and Spectre, are related to how the chips are designed and are detailed on a site created by the team of researchers from Google, the University of Pennsylvania, the University of Maryland, Graz University of Technology in Austria, the University of Adelaide in Australia, and researchers from cybersecurity companies Cyborgs Technology and Rambus that discovered them.
Their simplest explanation of what the flaws can do:
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
According to Google, last year, its Project Zero team “discovered serious security flaws caused by ‘speculative execution,’ a technique used by most modern processors (CPUs) to optimize performance,” which led to further research.
Intel chips dating back to 1995 are affected, according to ZDNet, and processors made by AMD and Arm (which produces Apple’s chips for mobile devices) are also vulnerable, according to the researchers’ website. “Based on the analysis to date, many types of computing devices—with many different vendors’ processors and operating systems—are susceptible to these exploits,” an Intel representative told Quartz.