In a stunning turn of events, researchers discovered a significant vulnerability in virtually ALL Intel processors. The vulnerability is similar to the Heartbleed bug of 2012. The bug allows normal programs to access the secured memory in the system’s kernel. A kernel is the core of an operating system—and just so happens to be responsible for handling the MOST sensitive tasks carried out by your operating system. Needless to say, this is bad.
What does this mean for you? Another major security patch will be rolled out in the coming days, and it will need to be installed on every PC that has an Intel CPU, including Apple and Linux systems. However, don’t completely panic. Many OS’s will patch this issue automatically, as long as you say yes to those pesky little updates.
This security flaw was first noticed after the introduction of a new kernel page table isolation (KPTI) in Linux operating systems. Yet, Intel has said that this affects every Intel CPU made in the last 10 years. AMD chips are thought to be unaffected by this vulnerability.
In order to combat this, a technique is being employed by several OS manufacturers that works to separate the user and kernel space memory, therefore preventing the hardware security vulnerability. Kernel space can contain sensitive, private information posing a real issue if compromised. The down side—this fix will have adverse effects on your processor’s performance.
Researchers have estimated that the fix (or rather workaround) for this issue will cause a significant slowdown of the affected systems, anywhere from 0.28 to 35 percent. It is a hardware-based vulnerability. Therefore, software security patches can only go so far to correct it.
More vulnerability details are expected to be available on January 9. Until then, check out the full article HERE and bring yourself up to speed.
