Two flaws entitled Meltdown and Spectre were published this week in Intel processors made since 1995 and corporations have been speeding to offer fixes and workarounds.
Meltdown eliminates the barrier between user applications and sensitive parts of the OS system while Spectre, which is also reportedly located in some AMD and ARM processors, can trick vulnerable applications into dripping the contents of their memory.
Torvalds was clearly unimpressed by Intel’s bid to play the crisis through its media announcements, saying: “I think somebody inside of Intel must really take a long hard look at their CPUs, and really admit that they have effects instead of writing PR blurbs that say that everything operates as designed.”
The Finn, who is perceived for never beating about the forest where technical issues are regarded, questioned what Intel was actually trying to say.
“Or is Intel essentially saying ‘we are dedicated to selling you shit forever and ever, and never fixing anything’?” he demanded. “Because if that’s the case, maybe we should begin looking towards the ARM64 people more.”
Meanwhile, an Australian who was part of the organization that published advice about the bugs, said: “These bugs in the device can enable hackers using malicious programs to steal sensitive data which is currently prepared on the computer. Such programs can exploit Meltdown and Spectre to get hold of secrets saved in the memory of other running programs.”
Dr. Yuval Yarom, of the University of Adelaide’s School of Computer Science, and Data 61, added: “They do this because the processor leaves delayed traces of the information that it’s processing, and these tracks could lead a hacker to find important information.”
But he said there was a resolute to the findings too. “Ultimately, I think our data will help to change the way processors are designed, to help prevent such cybersecurity concerns.”
The organizations involved in finding the bugs included Google’s Project Zero, the University of Adelaide and CSIRO’s Data61 in Australia, the Graz University of Technology in Austria, Cyberus Technology GmbH in Germany, and the University of Pennsylvania, University of Maryland and Rambus in the US.