Intel may be on the hook for costs stemming from lawsuits claiming that the patches would slow computers and effectively force consumers to buy new hardware, and big customers will likely seek compensation from Intel for any software or hardware fixes they make, security experts said.
The executives clarified, however, that the performance impact will be negligible when it comes to average PC users. Researchers with Alphabet's Google ProjectZero, in conjunction with academic and industry researchers from several countries, discovered two flaws.
Both the chipmaker and Google, which informed Intel about the vulnerability in June, said they were planning to disclose the issue next week when fixes will be available.
Unauthorized access will be hard to detect so cloud-computing providers need to act quickly to protect against these vulnerabilities, said Ryan Kalember, senior vice president of cybersecurity at Proofpoint.
Customers of Microsoft, the maker of the Windows operating system, will need to install an update from the company to fix the problem. There are already Meltdown patches for Microsoft's Windows, Apple's macOS and Linux.
Governor Brown announces proposed state budget for 2018
Assemblyman Jim Frazier, D-Solano, who is chairman of the Assembly Transportation Committee, is pleased with that particular move. CalPERS has gained more than $30 billion since July 1, giving it a portfolio worth more than $355 billion.
Krzanich sought to allay worries about the situation in a hastily arranged conference call with reporters on Wednesday afternoon, stressing that there haven't been any known instances of hackers actually exploiting the vulnerability, and promising that fixes were on the way. What's interesting to note is that the Project Zero team purports to have first learned about these security flaws "last year".
After keeping quiet for much of Wednesday, Intel released a statement on the reported security problems with its chips. "Intel has begun providing software and firmware updates to mitigate these exploits".
"Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time", the release added.
Not patching the vulnerability not only puts the data in the chip memory at risk, but also provides an entry point to critical servers and the entire corporate network.
It seems that this flaw can allow malicious programs to access some areas of an OS that they usually are not supposed to be accessed, and we are referring to the kernel memory. It said that it had already protected almost all instances of AWS and that customers must update their own software running atop the service as well.
"Contrary to some initial reporting, this is NOT just an Intel bug, it affects AMD and ARM processors as well". The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications.