Processor technology from companies including ARM, AMD and Intel was found to have a security vulnerability with the potential to allow access to sensitive information stored on smartphones, computers and other connected devices.
Researchers at Google’s Project Zero uncovered the issue – which all parties maintain is yet to be exploited by criminals – in June 2017. Impacted vendors have been working on a fix since and a series of security patches are already available for some devices, Google said.
In a statement, Intel said the company was set to make the issue public next week, but was forced to make a statement due to “inaccurate media reports”.
Reports surfaced yesterday (3 January) with wide coverage from media across the world. In an interview with CNBC, Intel CEO Brian Krzanich said phones, PCs and other connected infrastructure such as cloud applications could be impacted.
ARM – whose technology is used in 95 per cent of the smartphone processor market – said the majority of its products were not affected by any of the three main variants of the vulnerability identified by Google’s researchers.
However, the company confirmed its Cortex-A8, A9, A15, A17, A57, A72, A73, A75, R7 and R8 are vulnerable to both the first and second variant. The third variant could impact ARM’s Cortex-A15, A57, A72 and A75 it warned.
ARM added: “It is important to note that this method [of attack] is dependent on malware running locally which means it’s imperative for users to practice good security hygiene by keeping their software up-to-date and avoid suspicious links or downloads.”
Google said Android users with its latest security update were already protected, as were users of to its Pixel and Nexus devices. It added none of its apps were vulnerable.