Skip to Content
Computing

New security flaws have been found in Intel chips—this is what you need to do right now

Intel logo
Intel logo
Intel logoAP

The four new vulnerabilities, uncovered by cybersecurity researchers, affect almost every chip the firm has made since 2011.

The news: Intel and a group of security researchers from universities and security firms around the world have revealed four security flaws similar to the Spectre and Meltdown holes uncovered last year that affected billions of chips. There’s no evidence (yet) that the latest set of vulnerabilities have been exploited by hackers, but they could be used to pilfer all kinds of sensitive data.

The Not-So-Fab Four: The flaws make it possible to target computers’ central processing units, or CPUs. These are the “brains” of the machines, orchestrating their other functions. To speed things up, CPUs use a process known as “speculative execution,” which means they try to guess ahead of time the processes they will be asked to run and the data needed.

Like Spectre and Meltdown, the new security holes can be used to compromise CPUs engaged in this guesswork. One called ZombieLoad could let intruders steal information from applications and cloud-based systems. Another called Rogue In-Flight Data Load could manipulate chips’ memories in ways that expose sensitive information. The two other flaws, dubbed Fallout and Store-to-leak-forwarding, could be exploited to steal data or compromise operating systems. (If you want to check whether your computers are at risk or get more details about the flaws, you can use an online tool made available by the researchers here.)

What you should do: The best fix would be to rip out all the chips and replace them—but that would be prohibitively expensive. The next best fix is to apply software patches developed by Intel and others. Amazon, Apple, and Google have already released patches—so make sure you are updated to the latest version. Apple says iPhones, iPads, and Watches are not affected. Some security researchers also recommend disabling hyper-threading, an Intel feature that lets certain core tasks run in parallel on its chips to boost processing speed. In a statement, Intel pointed out that its latest generations of chips are not affected

The disclosure debate: This new chipocalypse will rekindle the debate over how and when hardware vulnerabilities should be disclosed to the public. Intel has said it discovered the flaws a year ago, but it needed time to work out disclosure plans and develop patches. However, that means many customers have only just discovered that their machines were more vulnerable to hacking than they thought.

Deep Dive

Computing

Conceptual illustration of quantum computing circuity, in multiple colors
Conceptual illustration of quantum computing circuity, in multiple colors

Quantum computing has a hype problem

Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.

winning team for Pwn2own 2022
winning team for Pwn2own 2022

These hackers showed just how easy it is to target critical infrastructure

Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.

child outside a destroyed residential building in Kiev
child outside a destroyed residential building in Kiev

Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

Russia is risking the creation of a “splinternet”—and it could be irreversible

If Russia disconnects from—or is booted from— the internet’s governing bodies, the internet may never be the same again for any of us.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.