Computer chips from billions of computers worldwide have discovered a security vulnerability that could allow attackers to access sensitive data. Researchers demonstrated that it is possible to gain access to passwords, encryption data or information from programs.
The vulnerability lies in a process whereby chips may retrieve information needed later in advance to avoid delays in the delivery of information. This technique known as “speculative execution” has been used by vendors for many years. This threatens a large amount of computing devices.
Whether the security gap has already been exploited is unknown. You probably would not even be able to tell, because the attacks leave no traces in traditional log files.
The processor manufacturers can not fix the problem themselves. Only a costly update of the operating system can close the gap. The Windows and Linux updates are expected to be available soon. It is unclear whether Apple is also planning an adaptation of its operating system.
Depending on the application and processor, the devices could slow by 5 to 30 percent. The reason: The new security functions force the chip to additional work steps. These are to prevent third-party programs from accessing the blocked storage areas.