Intel has posted the following open letter from CEO Brian Krzanich, verbatim:
An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
Following announcements of the Google Project Zero security exploits last week, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers’ data as quickly as possible. As I noted in my CES comments this week, the degree of collaboration across the industry has been remarkable. I am very proud of how our industry has pulled together and want to thank everyone for their extraordinary collaboration. In particular, we want to thank the Google Project Zero team for practicing responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion.
As this process unfolds, I want to be clear about Intel’s commitments to our customers. This is our pledge:
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
2. Transparent and Timely Communications: As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the Intel.com website.
3. Ongoing Security Assurance: Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
We encourage our industry partners to continue to support these practices. There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.
The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.
— Brian Krzanich
CERT: The only way to fix the Meltdown and Spectre vulnerabilities is to replace the CPU. Intel et al. are going to try to sell us on a software bandaid instead of really fixing the problem properly. Watch and see. https://t.co/OeC2AoPdlK #Intel #AMD #ARM
— MacDailyNews (@MacDailyNews) January 4, 2018
Intel’s CEO Brian Krzanich sold off the majority of his shares after finding out about the irreparable chip flaws – January 4, 2018
Apple releases iOS and macOS updates with a mitigation for Spectre CPU flaw – January 8, 2018
Meltdown and Spectre: What Apple users need to know – January 8, 2018
How Apple product users can protect themselves against Spectre and Meltdown CPU flaws – January 5, 2018
Apple: All Mac systems and iOS devices are affected by Meltdown and Spectre security flaws – January 4, 2018
CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU – January 4, 2018
Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk – January 4, 2018
Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw – January 3, 2018
Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018
And this is the guy who sold as much of his Intel stock as he could shortly after Intel was made aware of these issues and long before these issues were made public. So, why should we have any trust in anything he says?
And to MDN: going out today (and likely for the next 9 to 12 months) and replacing the CPUs won’t solve the issues. The CPUs need a redesign. Even if they started redesigning ALL their CPUs as soon as they learned of the issues those CPUs likely won’t ship until calendar Q4 of 2018 AT THE EARLIEST. To say the only way to fix it is with new CPUs is just feeding the FUD crowd mentality. Everyone should apply the mitigating patches unless you have an airgapped system *and* cannot take the performance hit.
The sale cycle in calendar Q4 2018 through calendar Q3 2019 will be interesting indeed.
Yes and what of the new 2018 Mac Pro and the Intel chips in those? More waiting for a fix?
There are a lot of users, like myself, that are using/running older computers with older OSes because we can’t afford to update older, legacy software.
There are, also, those users who have older computer hardware that CAN’T upgrade/update to a newer operating system due to hardware limitations.
And some of us, can’t upgrade our older mobile devices, either, OR DON’T want to upgrade their newer mobile devices, due to problematic issues inherent in the most recent mobile OS upgrades/updates.
I wonder how Apple’s work is going on their own processor?
They won’t be able to ride in like a cowboy on a white horse, like Shane, and save the town from the fat, lazy, and corrupt sheriff and his sadistic deputy. Things are pretty much just going to suck for everyone, for a long time.
It’s a national disgrace.
The problem is that the chips were originally designed using Intel Pentiums…
Do ARM-based processors share the same Spectre and Meltdown issues at Intel processors? I have been wondering, but have not seen anything definitive on that…
If not, then this represents an incredibly huge opportunity for Apple, as its ARM-based processors would suddenly receive a massive performance boost relative to Intel processors smothered by software intended to address those vulnerabilities. And that advantage would last for at least a couple of years until Intel can start pumping out processors based on an updated design.
A11 and A11X-based Macs are in the cards. This is the year of the ARM-based Mac!