Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world’s computers.
The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of a computer. There is no easy fix for Spectre, which could require redesigning the processors, according to researchers. As for Meltdown, the software patch needed to fix the issue could slow down computers by as much as 30 percent — an ugly situation for people used to fast downloads from their favorite online services.
“What actually happens with these flaws is different and what you do about them is different,” said Paul Kocher, an independent researcher who was an integral part of the team that discovered the flaws. That leaves the computing services run by the likes of Amazon, Google and Microsoft, where many of the world’s business and independent developers run their websites and other software, open to hackers.
According to the researchers, including security experts at Google and various academic institutions, the Meltdown flaw affects virtually every microprocessor made by Intel, which makes chips used in more than 90 percent of the computer servers that underpin the internet and private business operations.
The other flaw, Spectre, affects most other processors now in use, though the researchers believe this flaw is more difficult to exploit. There is no known fix it.
Microsoft, maker of the Windows operating system, and Apple, maker of the Mac operating system, will need to distribute software code that can patch the first flaw, the researchers said. The worldwide community of coders that oversees the open-source, Linux operating system, which runs about 30 percent of computer servers worldwide, has already posted a patch for that operating system.