Chipmakers promise patch to address widespread security flaw

Google's Project Zero security team has exposed a major vulnerability in devices running chips from AMD, ARM and Intel that could allow malicious attackers to access sensitive information in the system’s memory such as passwords, encryption keys or information open in applications. The chipmakers said they are preparing software patches to try to close the security hole. 

Google said its team discovered the problem last year and moved quickly to protect Google systems and users and inform manufacturers and the rest of the industry. The company came forward with the news following speculation in the press and ahead of a planned coordinated release of updates for the security problem by industry players on 09 January.

Google's researchers said the security flaws are caused by 'speculative execution', a technique used by most modern processors (CPUs) to optimize performance.

Interl, the world's biggest chipmaker, said it's working closely with other companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve the issue "promptly and constructively". Intel has begun providing software and firmware updates to mitigate these exploits. Any performance impact is workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time, the company said.