Intel CEO Brian Krzanich addressed the Meltdown and Spectre bugs during his keynote speech at CES in Las Vegas, saying that forthcoming updates will fix all processors that have been introduced in the past five years.
Krzanich thanked cybersecurity professionals for their work in uncovering and fixing the bugs, touting “the collaboration among so many companies to address this industry-wide issue across several different processor architectures.”
Meltdown and Spectre are two exploits that leverage critical vulnerabilities in a wide range of processor chips. Intel is the company most directly impacted. The vulnerabilities allow attackers to steal data being processed on the computer, including passwords and other sensitive data.
Since the bug became public, users have complained that patches have slowed computer performance anywhere from five to 30 percent.
“We believe the performance impact of these updates is highly workload dependent,” he said. “Some workloads may experience a larger impact that others, so we’ll continue working with the industry to minimize the impact on those workloads over time.”
Krzanich popped into the news last week when it was revealed that he sold an exceptionally large amount of company stock in the fourth quarter of 2017 after the company was informed of the widespread vulnerabilities affecting their processors. Experts say the size of Krzanich’s transaction mean the SEC will almost certainly examine the transaction, but few believe anything significant will come of it.
Underscoring the severity of the vulnerabilities, there are reports that Intel is creating a new hardware security and quality assurance team led by some of the company’s top executives.
Apple released a new series of security patches to address the vulnerabilities on Monday to harden both iOS and MacOS. That follows steps taken by cloud computing giants Google, Amazon and Microsoft to mitigate the impact on their customers, while also protecting users from attacks and performance loss.
Krzanich repeated again that there is no sign that the vulnerabilities have been exploited. However, researchers say there would likely be no way to tell if exploitation has occurred, specifically with the Spectre bug.