By Adam Lidgett Law360 (October 24, 2019, 3:12 PM EDT) — Life Spine Inc. and two executives have agreed to pay nearly $6 million total toread More
News, Class Actions, Commercial Litigation, Defective Products
Intel Announces Patch for Its Central Processing Unit: Millions Affected by Security Vulnerability
Developers are rushing to remedy the problem and have developed a patch that offers partial relief, but installation of the patch results in significant device degradation. The majority of computers and laptops purchased since 2008, and servers installed within the same time frame are affected.
As a result of the problem and the corresponding patch, those affected by the issue are left with two unappealing choices: spend money on a new processor or completely new computer, replacing a system that is no more than 10 years old, or work on a device that is significantly slowed or continue using it without the repair patch, exposing them to security risks.
Design Flaw Unprecedented in Scope
This is considered one of the most wide-spread design flaws in history and is expected to affect millions of users.
The problem forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug, but to date, the only patch available significantly degrades the performance of the product. Current estimates show a slow-down of at least five to 30 percent, depending on how the device is being used.
Every device developed in the last decade could be affected. Everyone with a Google, Amazon, or Apple Account will be forced to choose between applying a patch that degrades their device, or buying a new processor or computer, as the problematic chip is installed on most computers, laptops, and servers during that time.
Other operating systems, including Apple’s 64-bit macOS, will also need updating. The flaw is in the Intel x86-64 hardware, and must be patched in software at the OS level, as microcode updates can’t address it. The only other option is to replace the processor or buy a whole new computer.
Problem Puts Users at Risk for Having their Passwords, Login Keys, and Other Sensitive Information Stolen
The bug is present in modern processors featuring the Intel chip KASLR (kernel address space layout randomization) produced in the past decade.
The vulnerability could be used by anyone with malicious intent to more easily exploit other security problems. It could also be abused by programs and users to read what’s in the kernel’s memory, which is normally hidden from user processes and programs because it contains sensitive security information, including passwords, login keys, files cached from disk, and more.
In an effort to provide a security patch, programmers from Linux, Windows, Amazon, and Apple developed a patch by overhauling the open-source Linux kernel’s virtual memory system. Microsoft and Apple are also expected to introduce changes to their operating systems.
Unfortunately, these patches degrade device performance and it is doubtful they even patch the entire problem.
Efforts are already underway to provide compensation for those affected by the design flaw.
Most computer users must now choose between purchasing a new processor or computer, or being forced to use a device with massive security vulnerabilities or significant performance degradation.
If you are one of the millions of people affected by the compromised Intel chips, or you’re unsure what you should do next, we can help. You might be eligible to join the upcoming class action. Contact us to learn more about your options.