The security holes, dubbed Meltdown and Spectre, affect the chips in computers, smartphones, and tablets made after 1995. The flaws could allow hackers to access a device's memory, making passwords and banking information vulnerable. Equipment made by any vendor and running almost any operating system could be affected.
The vulnerabilities were discovered last summer by security researchers at Google's Project Zero in conjunction with industry and academic researchers. Daniel Gruss, one of the researchers who found the problem, told The Guardian that Meltdown is "probably one of the worst CPU bugs ever found."
There is no evidence that attackers have yet taken advantage of the vulnerabilities, according to The New York Times. However, once security issues like these are announced, users who do not install available fixes to protect their data are at risk.
Meltdown and Spectre will not just impact personal devices. Both flaws could be exploited in servers, data centers, and cloud computing platforms like Google Cloud, Amazon Web Services, and Microsoft Azure. To protect both personal and company information, businesses should make sure their operating systems are up to date and watch for any updates from firms like Microsoft, Google, and Apple.
Microsoft pushed the first wave of operating system fixes for the security flaw on Wednesday and expects to release more in the coming days. Other companies are rushing to issue fixes as well, including chipmakers such as Intel.