Intel chip vulnerabilities

Intel computer chip vulnerabilities the story so far

Anyone who relies on a Mac or PC for work, which is most of us nowadays, will have been horrified when news broke early in January that Intel had discovered a flaw in the chips it manufactures.

Potentially, this meant that every machine fitted with an Intel chip for the last 20 years or more could have had security vulnerabilities, although there is no evidence that anyone has so far tried to exploit them.

Nevertheless, the fact that this became known, will have worried users, not least because they were likely to be affecting nearly every operating systems and device. Apple, for example, confirmed that the issue affected all its products from Macs to iPhones and iPads.

Toshiba, Dell and HP, Microsoft, Apple started to rush out patches, and some had apparently been working on patches for operating systems at least six months before the news of the problem broke.

But then other problems began to emerge when users installed them.

They were implicated in spontaneous and unexpected machine reboots, and also in slowing machines down, sometimes by as much as 20%.

Most recently, on January 23, Intel issued a statement advising people to no longer apply the patches.

According to a BBC news online report “Intel spokesman Navin Shenoy said it had been investigating why the earlier patches caused “higher-than-expected reboots and other unpredictable system behaviour”.

It added that Intel said it now knew what caused these problems and was developing fresh patches that would work better. The company’s own investigations showed computers slowing down between 2% and 25%.

Technology specialists doubted that there would be a new, improved patch anytime soon, so it’s definitely a case of “watch this space” for developments and hold off from installing the currently-available patches.


Is Apple losing its edge?

Apple laptops and desktops are often the favourite hardware for businesses, partly for quality and partly because they have always been seen as largely hack-proof.

But a recent problem has caused some technical writers to question whether the “big A” is beginning to lose its edge.

A flaw was discovered in the most recent version of MacOS High Sierra, that enabled anyone to enter the machine without a password.

The bug was discovered in late November by a Turkish developer, who discovered that entering the username “root” and leaving the password field blank, hitting “enter” a few times, he could gain access to the machine.

The vulnerability, which fortunately could not be used remotely, could give someone with root access more powers than a normal user, for example to read and write files to other accounts.

More seriously a superuser with root access and with malicious intent could have deleted crucial system files, rendering the computer useless – or install malware that might be undetectable to typical security software.

Apple issued a temporary workaround by allowing users to set a root password while it fixed the problem.

The instructions are here

However, according to the tech publication WIRED, there were more problems when Apple rushed out a patch, within 18 hours, and users discovered that the “root” bug returned if they updated to the 10.13.1, version.  The machine had to be re-booted for the patch to work, but Apple had not included this in the instructions.