Intel Says Major Security Bug Also Affects Competitors ARM and AMD
Intel fired back at reports that its entire microprocessor family was riddled with a severe security hole, conceding that the vulnerability existed but saying that a fix was in the works and that competing chips were also affected.
Initial reports on Wednesday that the flaw, which could allow hackers to steal confidential information like passwords, only affected Intel’s chips sent the company’s stock price plunging 7% while competitor Advanced Micro Devices shares jumped 6%. Reports that a software fix would slow the performance of affected PCs contributed to the strong reaction.
But in a mid-afternoon statement, Intel (INTC) said the early reports were wrong. And mobile chip designer ARM Holdings said its chips were also affected and that it was working with Intel and AMD (AMD) on a fix. That helped Intel shares claw back some of the drop and the stock closed down only 3%, while AMD ended with a 5% gain.
“Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect,” Intel said. “Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
ARM, which is owned by SoftBank Group, said in a statement: “ARM have been working with Intel and AMD to devise mitigation for a new method identified by security researchers that can exploit certain high-end processors, including ours…Software mitigation measures have already been shared with our partners. ARM takes all security threats seriously and we encourage individual users to ensure their software is up-to-date and always practice good security hygiene.”
Get Data Sheet, Fortune’s technology newsletter.
AMD said its chips were affected by some but not all of a series of related security exploits uncovered by researchers. AMD has already developed a simple software fix for its chips that will not impact PC performance, an AMD spokesman said. “Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time,” the company said in a statement. “We expect the security research to be published later today and will provide further updates at that time.”
The problem arose in the software that runs the core processing center on Intel chips, known as the kernel. Researchers found that programs running on a PC could gain access to parts of the kernel’s stored memory that were supposed to be off limits. That could allow a malicious hacker to read confidential information like passwords or data files cached in memory, the tech news site The Register reported.
Some of the confusion resulted from the fact that researchers at Google (GOOGL) had found several different exploits to crack the kernel’s protected data, but had not published their full findings when some of the details began to leak. One exploit with two variations, dubbed Spectre, impacts virtually all major chip lines, while another, called Meltdown, is limited to Intel’s chips.
Intel said it had already begun distributing software fixes to eliminate the issue and denied that the patches would noticeably hamper the performance of affected systems. “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” Intel said.