PCR Tech and IT retail, distribution and vendor news
After more than a month after the Spectre flaw was revealed, Intel Data Center Group executive vice president and general manager Navin Shenoy has assured that the chipmaker is still working on the issue and said that the company has given its industry partners microcode updates for Skylake CPUs.
For Skylake users this means that a patch should be imminently arriving on their systems, with other platforms being followed up shortly after.
Writing in a blog post, Shenoy confirmed the updates: "Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days."
Those additional platforms include chips based on Broadwell and Haswell (which both had updates withdrawn over reports of random reboots).
What this means is that the end may be in sight for the Spectre scandal, with firmware and OS updates hitting millions of devices over the coming days.
Shenhoy also used the opportunity to stress the necessity for users to keep their systems and devices updated, saying: "I can’t emphasize [sic] enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change.
"According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks can be prevented with – among other things – regular system updates."
What is Spectre?
Spectre is a pre-existing CPU flaw that was discovered in late 2017 by Google’s Project Zero team. It, along with a similar flaw called Meltdown, means that "CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts."
What this essentially means is that one app could access data running in other apps on devices using Intel, ARM and AMD CPUs. Affected vendors have promised that they are quickly working on fixes, with the likes of Microsoft, Mozilla, VMWare and Google all issuing statements on the issue.
It has been branded as the biggest scandal that chip manufacturers have faced since the Pentium FDIV Bug of the 90s.
