An oversight in the design of an Intel chipset is forcing an update for Linux and Windows devices that will result in massive slowdowns, possibly upwards of 30%. This design flaw isn’t just a processing issue, it’s also a security one. Apple devices are also affected, meaning that Intel’s x86-84 processors are going to need a complete redesign to work. The error is reported to be so deep in the units that code updates, even at the finest level, can’t remove the error. Completely new processors are required to fix the problem by replacing the compromised units. Exactly what’s wrong has been deliberately hidden by Intel in an attempt to stop the issue becoming a widespread problem. Patch notes were released, but with the attendant explanation deliberately redacted to make understanding the changes harder.
What is known is that this bug isn’t a recent mistake, it’s present in Intel processors produced for the last decade. The bug allows Javascript to see, somewhat, the contents of protected kernel memories. Normally this wouldn’t occur, the kernel is supposed to be hidden from everything else. Your kernel is what makes everything happen, it comes up whenever a process happens wherever it happens. The kernel exists everywhere on your computer, providing the basic ability for it to run that’s utilized by other programs. This bug allows those programs to retain control of the kernel and to report back on its code. This means a website would be able to see the underlying ways your device runs, and potentially inject something so deep that no anti-virus program would ever be able to see it. A virus that is literally undetectable to your computer could be introduced, with no way of removing it without destroying it. It’d be like if your nervous system was taken over by your hand, and that hand had a death wish. The patch works by forcibly separating the kernel from the code, building a wall between the kernel and the outside world. Instead of the kernel residing invisibly within a device’s code, it now has to be fetched and escorted every time something needs its powers.
Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.
