UK Markets closed

Intel says memory security issue extends beyond its own chips (updated)

Jon Fingas

That major security flaw attributed to Intel chips might not be so Intel-specific after all. After hours of silence, Intel has posted a response denying some of the claims about the exploit, which is believed to revolve around identifying content in an operating system kernel's protected memory space. The chip giant shot down reports that the issue was unique to its CPUs, noting that it's working with AMD and ARM (not to mention multiple OS makers) to create a solution -- sorry, you're not safe because you have a Ryzen rig. It also reminded people that the performance hit of the fix would be "workload-dependent," and shouldn't be noticeable for the "average computer user."

The company also asserts that this isn't a flaw, but rather "software analysis methods" that could potentially grab sensitive info from computing devices. It doesn't appear to have the ability to corrupt, delete or modify data, Intel added, although that wouldn't be much comfort if someone took sensitive material. There have been "no instances" of people abusing the vulnerability, Intel chief Brian Krzanich toldCNBC.

True to rumors, Intel and other firms had planned to reveal the issue "next week," or just in time for firmware and software updates that would address the problem. It only piped up sooner because it wanted to address reports.

It's not shocking that Intel would try to get ahead of the issue in this way. If this really had been an Intel-specific issue, it would have been a serious blow to a company trying to fend off rising competition from AMD and Qualcomm. At the same time, it's far from reassuring to hear that potential attacks can affect even more systems than first thought, and that few people if any would completely avoid a slowdown (however slight). Like it or not, the device you're using right now is almost certainly affected by this, and certain users (particularly server operators) are bound to notice it.

Update: AMD isn't having Intel's claims that the issue is hardware-independent. In its own statement, it asserted that architecture differences meant that there was "near zero risk" to AMD-made processors. That lines up with the initial report, which referenced communication from AMD suggesting that its processors weren't vulnerable. There's clearly a he-said-she-said dispute going on, and it may be a while before we get the full story.

Intel Newsroom