Qualcomm has confirmed its processors have the same vulnerabilities disclosed this week in , Arm, AMD and IBM CPU cores.

The California tech giant picked the favored Friday US West Coast afternoon “ dump” slot to admit at least some of its billions of Arm-compatible Snapdragon -on-chips and newly released Centriq server-grade processors are subject to the Meltdown and/or Spectre data-theft bugs.

“Qualcomm Technologies, Inc is aware of the security research on -wide processor vulnerabilities that have been reported,” a spokesperson for Qualcomm told The on Friday.

“Providing technologies that support robust security and privacy is a priority for Qualcomm, and as such, we have been working with Arm and others to assess impact and develop mitigations for our customers.”

The spokesperson continued:

We are actively incorporating and deploying mitigations against the vulnerabilities for our impacted products, and we continue to work to strengthen them as possible. We are in the process of deploying these mitigations to our customers and encourage to update their when patches become available.

Qualcomm declined to comment further on precisely which of the three CVE-listed vulnerabilities its chips were subject to, or give any details on which of its CPU models may be vulnerable. The paper describing the Spectre data-snooping attacks mentions that Qualcomm’s CPUs are affected, while the Meltdown paper doesn’t conclude either way.

Qualcomm uses a mix of customized off-the-shelf Arm cores and its homegrown Arm-compatible CPUs in its products, which drive tons of Android-based smartphones, tablets, and other devices. A selection of Arm Cortex-A and Cortex-R CPU core designs are vulnerable to the CVE-2017-753 and CVE-2017-71 Spectre vulnerabilities, but only one – the Cortex-A7 – is also vulnerable to the easily exploitable CVE-2017-754 Meltdown flaw. The A7 is not in any shipping product at the moment.

Qualcomm will use that A75 core for its Snapdragon 845, while other Snapdragon lines list the A53 and A72, which are only vulnerable to the two Spectre variants. As we said, Qualcomm uses a mix of custom and off-the-shelf cores; they are probably affected by Spectre, and maybe Meltdown. Qualy won’t clarify either way.

Look out for operating system updates – particularly Android and Linux – to install on your Qualcomm-powered devices and machines.

Apple, which too bases its iOS A-series processors on Arm’s instruction set, said earlier this week that its mobile CPUs were vulnerable to Spectre and Meltdown – patches are available or incoming for iOS. The iGiant’s Intel-based Macs also need the latest macOS, version .13.2 or greater, to kill off Meltdown attacks. Spectre also needs to be patched in macOS at some point.

Meanwhile, IBM said firmware updates will arrive next week for its POWER CPUs to address Spectre-like bugs in its designs. ®

Minds Mastering Machines – Call for papers now open

Source link


Please enter your comment!
Please enter your name here