The computer industry is scrambling on Wednesday to patch a massive security vulnerability that’s present in the processors used on almost all the computers in the world.
The vulnerabilities could allow a hacker to steal information stored in the memory of a wide range of computer chips running on personal devices — not just computers and phones, but also the servers in data centers, including those used to run cloud computing services.
The widespread vulnerability could allow a hacker to steal information stored in the memory of the chip itself, including things such as passwords and cached files. It could also pave the way for attackers to weaken other security features.
‘Meltdown’ and ‘Spectre’
One of the vulnerabilities, dubbed Meltdown, is known to affect Intel chips.
Another, Spectre, could affect chips from many vendors, including Intel as well as AMD and Arm.
Although there are no known exploits for the problem yet, the problem is alarming because it could affect so many computers.
Intel and AMD chips power nearly all personal computers and the computers used in data centers, including those that power online services and cloud computing services, while Arm chips power many smartphones.
A site with detailed information about Meltdown and Spectre vulnerabilities says that Google’s Jann Horn and third-party researchers discovered them around the same time.
Intel, others respond
Intel CEO Brian Krzanich also told CNBC that Google first alerted it to the vulnerability, and Google has published a detailed rundown of the exploits.
Intel and other companies were scrambling to fix the problem before word got out, the New York Times reports, but news of the vulnerability was reported by The Register on Tuesday, so the companies and researchers rushed to release information about it on Wednesday.
What you should do
Individuals should apply the first available security updates from the companies who make the software on their devices, like Microsoft Windows, or Apple for iOS.
Service providers such as Amazon are working to patch the servers used in their data centers, and some users may experirence down time as they do this.