CAPE TOWN - Microsoft and Google revealed a new CPU security flaw that is comparable to the Meltdown and Spectre flaws released earlier this year.
The flaw that Microsoft and Google discovered is flagged speculative store bypass (variant 4).
Earlier this year, security researchers disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings.
One of the bugs was specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.
"Phones, PCs, everything are going to have some impact, but it'll vary from product to product," Intel CEO Brian Krzanich said in an interview with CNBC. Researchers with Alphabet Inc's Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.
The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords.
The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information. The researchers said on their website that Intel paid a so-called "bug bounty" to them for disclosing the flaws to Intel but did not state a dollar amount.
The researchers said Apple Inc and Microsoft Corp had patches ready for desktop computers affected by Meltdown. Microsoft said that a "majority" of its Azure cloud services used by businesses had already been patched and protected and that it is issuing a Windows security update.
"We have not received any information to indicate that these vulnerabilities had been used to attack our customers," Microsoft said in a statement.
Meanwhile, this new security threat uses speculative execution that modern CPUs utilise.
Browsers with the likes of Safari, Edge and Chrome are reportedly vulnerable to this threat.
What this new security threat does is, it could affect firmware updates that could affect the performance of CPUs.
Intel reportedly launched microcode updates which will be rolled out on a larger scale in the next couple of weeks, reports The Verge.
The updates will set the Speculative Store Bypass protection to “off by default”.
Users will then have to select the performance of their CPU and set it to either security or optimal performance.
- BUSINESS REPORT ONLINE