Intel addressed a number of issues in today’s statement, and it continues to claim that the impact from the two major vulnerabilities—called “Spectre” and “Meltdown”—has been exaggerated and will be fully mitigated over time.
And this is true on all of the Intel-based systems out there, not just PCs. Intel says that it and its partners—like Microsoft—have “made significant progress in deploying updates as both software patches and firmware updates” on personal computers and servers.
“Intel has already issued updates for the majority of processor products introduced within the past five years,” the Intel statement reveals. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.”
With regards to the performance impact of the fixes for these vulnerabilities, again Intel is citing what it believes are exaggerated reports.
“The performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time,” the firm notes. “While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.”
But Intel continues to claim, alarmingly, that the flaws that led to these exploits are not “bugs” in its processors.
“This is not a bug or a flaw in Intel products,” the company writes. “These new exploits leverage data about the proper operation of processing techniques common to modern computing platforms, potentially compromising security even though a system is operating exactly as it is designed to. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
I take exception to that claim: The systems may be working as designed, and they may work similarly to other processors from other companies. But this is very much the result of one or more design bugs, or flaws. And stating otherwise reeks of legal double-talk, an attempt to avoid a class-action lawsuit or similar.
Anyway, Intel says that it will continue working with its partners to address the recently-revealed problems. The assumption here is that further updates may be needed, and that things will only improve over time. But the firm says it is not aware of any real-world malware based on these exploits. Surely, that is only a matter of time.