Who's affected by computer chip security flaw
Technology companies are scrambling to fix serious security flaws affecting computer processors built by Intel and other chipmakers and found in many of the world's personal computers and smartphones.
The two hardware bugs discovered can be exploited to allow the memory content of a computer to be leaked. Such a leak could potentially expose stored passwords and other sensitive data, including personal photos, emails and instant messages.
Here's a look at what's affected, what's being done about it and whether you should worry.
While researchers say the Meltdown bug is limited to Intel processors, they have verified Spectre as a problem for Intel, Advanced Micro Devices and ARM processors. AMD chips are also common in PCs, while ARM chips are found in many smartphones and other internet-connected products, including cars and home appliances.
AMD said there is 'near zero risk' to its own processors, either because its chips are designed differently, or security fixes for Microsoft Windows and other operating systems will take care of the problem.
ARM Holdings said it's working with Intel, AMD and operating system vendors to address the problem. The ARM design is also used in Apple's mobile chips; Apple didn't respond to inquiries on whether iPhones and other mobile products are affected.
The bugs also affect cloud-computing services powering much of the internet. These services, offered by Amazon, Microsoft, Google, IBM and others, give smaller companies access to data centers, web hosting and other services they need to run their businesses. But these cloud services also use computers with the same types of problem chips.
Unauthorized access will be difficult to detect so cloud-computing providers need to act quickly to protect against these vulnerabilities, said Ryan Kalember, senior vice president of cybersecurity at Proofpoint.
The good news, he said, is that major cloud providers have known about this for months and have had time to tackle the problem.
There are limits to what consumers can do now to protect their computers.
Advice from the US Computer Emergency Readiness Team's was grim. The federal organization says that "fully removing the vulnerability" requires replacing the hardware already embedded in millions of computing devices.
That's not to say nothing can be done.
Consumers can mitigate the underlying vulnerability by making sure they patch up their operating systems with the latest software upgrades. There are already Meltdown patches for Microsoft's Windows, Apple's macOS and Linux. Mozilla says it's also implementing a short-term mitigation that disables some capabilities of its Firefox browser. Google says Android devices are protected if they have the latest security updates.
"If you download the latest update from Microsoft, Apple, or Linux, then the problem is fixed for you and you don't have to worry," security researcher Rob Graham said in a blog post Thursday. "If you aren't up to date, then there's a lot of other nasties out there you should probably also be worrying about."