Intel has confirmed a small but increasing number of reports suggesting its chips are vulnerable to remote hacking.
Internet-of-things, PC, and server processors by Intel are all affected. The vulnerabilities were discovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, the most severe of which could allow attackers to make commands on Intel-based computers running on Intel Core processors released since 2015.
Millions Of Intel-Based Computers At Risk
According to Intel's security alert, the vulnerabilities can allow hackers to "load and execute arbitrary code outside the visibility of the user and operating system."
They can obtain privileged system information, putting millions of devices around the world at risk. Only one vulnerability allows remote access to affected computers, however, as the rest require physical access to the target devices.
Intel has promptly published a detection tool on its website for Windows and Linux to help users determine whether their system is vulnerable. It's available to download now.
Intel Chips Affected By Security Flaw
The vulnerability affects a wide range of Intel processors, including Skylake, Kaby Lake, and Kaby Lake R, which are Intel's more modern and high-end architectures. But the lower-end ones — Pentium, Celeron, Atom, and multiple Xeon chips — are also affected.
Below are the affected processors:
• Sixth, seventh, and eighth-Generation Intel Core Processor Family
• Intel Xeon Processor E3-1200 v5 & v6 Product Family
• Intel Xeon Processor Scalable Family
• Intel Xeon Processor W Family
• Intel Atom C3000 Processor Family
• Apollo Lake Intel Atom Processor E3900 series
• Apollo Lake Intel Pentium
• Celeron N and J series Processors
Intel has posted a fix for PC customers, but so far, only a handful of manufacturers, including Dell and Lenovo, have published a list of affected systems. At the time of writing, there appears to be no firmware updates available yet.
Are You Affected? Probably
Users whose computers have either of the processors listed above should best assume that their device is affected. Keep in mind that Dell and Lenovo's respective lists include a staggering number of models, and there could be more as other manufacturers begin to release their own.
But there's some hope this could be solved quickly. As Ars Technica reports, HP, Dell, and other vendors apparently have completed firmware patches and are preparing to distribute them. Even still, the impact is still hard to determine.
"We have no real idea how serious this is yet," said Google security researcher Matthew Garrett. "It could be fairly harmless, it could be a giant deal." Expect due coverage as Tech times learns the grander implications of these just-discovered vulnerabilities.
Is your computer affected? Feel free to sound off in the comments section below!