What You Need to Know About the Major Flaws Affecting PCs and Smartphones In a statement, Intel said the problem isn't unique to Intel products and denied that it would drag down performance for the average computer user.

This story originally appeared on PCMag

via PC Mag

Over the next few weeks there's a very good chance your PC or laptop will take a significant performance hit, possibly up to 30 percent slower. Worse is the fact you can do nothing about it, as the slowdown is a side effect of fixing a major design flaw in Intel processors.

If your computer uses an Intel processor produced in the last decade, it probably contains the design flaw. Intel has not yet released a list of affected chips; it's keeping the details under lock and key until operating system patches have been released for Linux, Windows and macOS.

As The Register reports, the flaw is thought to allow user programs to gain access to protected kernel memory areas. The kernel is the core of an operating system and controls anything and everything running on it. It is therefore extremely important the kernel memory remains secure due to the sensitive information it can contain.

Although nobody outside of Intel knows the specifics, the flaw is thought to be so serious it could allow any software, even a bit of JavaScript running in a web browser, to access and steal data stored in the protected kernel memory. So that includes your passwords, login keys or any files that happen to be cached when unauthorized access occurs.

The vulnerability alone is bad enough, but the fix makes the situation even worse. Closing the security hole will result in a significant performance hit to each system. Current estimates suggest that hit could be as high as 30 percent. You read that right, once your system is patched it may run 30 percent slower for certain tasks.

There is no way around this if your system uses an Intel chip. Some newer processor models are thought to be immune, or at least better able to work around the flaw, but until Intel releases specifics we can't confirm which ones. If you are running an AMD processor, you're fine. AMD confirmed its processors are not vulnerable.

Linux kernel patches are already available, with Microsoft expected to roll out the Windows patch with next week's Patch Tuesday. Also keep in mind this flaw will impact all of Intel's major corporate customers. Imagine how many Intel chips are running inside Amazon's or Facebook's datacenters, for example, and what a performance hit will mean for them.

UPDATE: In a statement, Intel said the upcoming fix shouldn't drag down performance for the average computer user.

"Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," the company insisted.

The chip maker didn't go into detail about the exact problem, but suggested Intel products aren't the only ones affected. "Based on the analysis to date, many types of computing devices -- with many different vendors' processors and operating systems -- are susceptible to these exploits," it said.

Furthermore, "Intel believes these exploits do not have the potential to corrupt, modify or delete data."

The company originally decided to disclose the bug next week, but opted to release a statement on Wednesday to address what it considered to be inaccurate media reports. It's now delivering the software and firmware fixes to its partners.

"Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available," Intel said.

UPDATE 2: The Intel flaw involves two vulnerabilities that can be used to steal your passwords, emails and any other sensitive data you have on your computer, according to the security researchers who uncovered the bugs.

Intel also isn't the only vendor affected. One vulnerabilty, named Spectre, was found in AMD and ARM-based chips, too. The other vulnerability, dubbed Meltdown, was found mostly in Intel processors as far back as 1995; it's unclear whether AMD or ARM-based chips have the same problem.

Both bugs can essentially help malware grab data stored in sensitive programs, including a password manager or browser. "While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs," the researchers wrote.

Desktops, laptops, cloud servers, and smartphones are affected by one or both vulnerabilities, the researchers warn. Attacks that exploit the two vulnerabilities are also difficult to detect and don't leave any traces.

The risk is especially severe for cloud computing providers, which lease their servers to different clients. Both Meltdown and Spectre can essentially erode the boundaries in a machine that seperate one client's data from another.

The public can find more details about the vulnerabilities on a new website the researchers created detailing the issue.

Android devices with the latest security update from Jan. 2018 are protected from the vulnerabilities, Google wrote in a blog post.

As for Microsoft, it's been rolling out a patch for Windows PCs that should arrive on Wednesday.

Unfortunately, the Microsoft fix may result in some performance dips. "For most consumer devices, the impact may not be noticeable, however, the specific impact varies by hardware generation and implementation by the chip manufacturer," the company said.

Despite the patching, the security researchers say the Spectre security flaw, although harder to exploit, is also more difficult to fully patch. Software-based solutions can act as a stop-gap measure against the threat, but until vendors update their chip designs, Spectre will remain a problem.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Science & Technology

From Silicon Valley to Everywhere — How AI Is Democratizing Innovation and Entrepreneurship

AI is no longer just a tool for big corporations — it's a global equalizer, empowering entrepreneurs from every corner of the world to innovate, scale and compete like never before.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

'Enormous Chaos and Confusion': Do You Need to File a BOI Report? After Another New Ruling, Here's What Business Owners Need to Know.

Failing to file the report could cost small businesses $591 per day—if you even have to file it at all.

Data & Recovery

Join the Highest-Growing Industry in 2025 With This $60 Cybersecurity E-Learning Bundle

You could land your dream job as a cloud security specialist, ethical hacker, or security analyst.

Franchise

5 Benefits of 'Ick' Franchise Industries

What makes "ick" franchise industries so valuable? As a franchise consultant of many years, I've learned is that there is real value in everyday essential industries that, if given the chance, have real material benefits that just might be the right fit for your goals.

Business News

Want to Be Jeff Bezos's Next Door Neighbor in Miami? You Now Can — For $200M

Run out of flour? Maybe your other neighbors, Tom Brady and Ivanka Trump, can help.