The cybersecurity community began work Wednesday to patch vulnerabilities in processors used on almost every computer around the world, according to CNBC.
Security researchers first discovered a flaw in Intel Corp.'s chips earlier this week — as first reported Tuesday by The Register — leaving countless computer processors built over the last 10 years susceptible to malware attacks. However, several other researchers, including Google's Project Zero team, determined the design technique used in chips also manufactured by Arm and other companies, left the chips open to potential attacks, CNET reports.
Intel concurred in a statement Wednesday, and said it is "working closely with many other technology companies, including AMD, Arm Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits."
Though the company and other members of the tech community became aware of the chips' bugs last year, they failed to publicly disclose the information.The industry was planning to publish the data security issue once the fix was in place, but the information had been leaked early, Intel CEO Brian Krzanich told CNBC separately.
One vulnerability, called "Meltdown," affects Intel's chips, while the other, dubbed "Spectre," could also affect AMD's and Arm's, as well as Intel's, CNBC noted. In other words, Meltdown "allows malicious programs to gain access to higher-privileged parts of a computer's memory," but Spectre "steals data from the memory of other applications running on a machine," Wired explained.
Mr. Krzanich reportedly sold a about 644,000 shares of his stake in the company after the chipmaker was made aware of the flaw last year, as evident in filings with the Securities and Exchange Commission, according to CNBC. Mr. Krzanich reportedly later sold more shares, bringing his stake down 250,000 shares, which is the minimum amount the CEO of Intel is required to own. It is unclear whether the decision to sell his stake in the company is related to the security vulnerability.
The chipmaker did not immediately respond to CNBC's email seeking comments.
Users are advised to apply the first available security updates from companies who make the software on their devices — such as Microsoft or Apple. Other service providers, including Amazon, are working to patch the servers in their data centers, so some users may experience downtime as they apply the patch, according to CNBC.
More articles on cybersecurity:
Ripple soars 160% in 1 week, but its hard to buy
Survey: Americans trust healthcare industry with personal data more than government
McAfee: Healthcare tops Q3 security incidents — 3 things to know