In the wake of revelations relating to the Meltdown and Spectre security vulnerabilities, Intel is insisting that it will not recall affected computer chips.
On Wednesday, it was reported that Google and others had discovered serious vulnerabilities that affect a broad range of personal computers and smartphones made with chips produced by Intel, AMD and Arm. The vulnerabilities could allow attackers access to sensitive data on these devices, including passwords and encryption keys. The vulnerabilities in particular affect large data centers, such as those run by Google, Microsoft and Amazon.
While Intel in 1994 famously recalled one of its Pentium chips because of the “FDIV Bug,” company CEO Brian Krzanich says that Intel will not recall chips because of Meltdown and Spectre. The reason he is giving is that he believes that the vulnerabilities can be patched with software updates that have already begun rolling out.
Krzanich went on to say that 90% of chips manufactured in the past 5 years will have patches available by sometime next week. Patches for chips produced is the last 10 should available in the coming weeks as well. However, it is unclear at the moment when or even if patches will be available for chips more than 10 years old. The company would only say that they are working with computer manufacturers to determine the priority of additional patches. They also indicated that chips up to 15 years old can be affected by the vulnerabilities.
Responding to the widespread concern that the software patches will degrade chip performance, Krzanich stated emphatically that for most common applications running on its processors the patches will have little or no impact on performance. Intel also stated that the vulnerabilities won’t exist in new chips being released later this year. These chips, they insist, will incorporate the software patch currently being implemented.
Intel stock fell 5% on the news of the vulnerabilities. It has also been reported that Krzanich recently sold hundreds of thousands of Intel shares after Google notified the company of the vulnerabilities. Though Krzanich insists that the transaction was part of a timed sale, over which he had no control. He further said that he still owns 250,000 shares of Intel, as required by his employment contract.