Intel Corp. admitted Wednesday that its chips have a vulnerability that will require software patches, but denied a media report that said other companies’ chips were not affected and that the software updates will have a major effect on devices’ performance.
Intel INTC, -0.23% shares had their worst day in eight months, but pared deeper earlier losses after disputing some of the details of Tuesday evening’s report from online technology news site The Register. That report said Intel chips has caused Linux coders and those at Microsoft Corp. MSFT, -1.40% to patch their operating systems for security reasons. Most damning, however, was that the report said these patches will slow down performance by 5% to 30% in certain systems with Intel chips, and that Advanced Micro Devices Inc. AMD, -0.92% processors were not affected. AMD later said there was a “near zero” chance its chips could be affected.
Intel’s stock had been down as much as 6% early in Wednesday’s session, but closed down 3.4% at $45.26, the worst one-day percentage loss since April 28, 2017, when shares also dropped 3.4%. Intel was the second-most heavily traded stock on the S&P 500 index with more than 114 million shares exchanging hands, compared with a 52-week average daily volume of 23.8 million shares. Shares declined an additional 1.1% in after-hours trading, as Intel went into more detail on a conference call and media interviews.
Opinion: Intel suffers an epic security fail, offering a big opportunity for AMD
Intel said the weakness is a so-called “side channel” exploit that allows a malicious user running code to observe the content of privileged memory such as passwords, and is fixable through software patches. On the conference call Wednesday afternoon, Intel said the exploit could not cause a denial-of-service attack or inject malicious code, and that the average user should not see the performance issues quoted by media reports, but it would depend on the workload.
“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” Intel said in a statement. “Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
Intel continued: “Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industrywide approach to resolve this issue promptly and constructively.”
On CNBC, Intel Chief Executive Brian Krzanich said he believes the company has the right fixes in place for the issue and has not seen the security exploit used.
The most heavily traded stock on the S&P 500 Wednesday, at volume of more than 150 million shares, was rival chip maker AMD. The stock has a 52-week average daily trading volume of 65 million shares. Shares, which had rallied more than 10% earlier, closed up 5.2% at $11.55. In the first two sessions of 2018, shares are up more than 12%, after having declined 9.3% over the course of 2017. After hours, shares rose 1.1%.
AMD, citing a report from Alphabet Inc.’s GOOG, -0.04% GOOGL, +0.00% Google Project Zero, said in a statement that its chips are not affected by the exploit.
“To be clear, the security research team identified three variants targeting speculative execution,” AMD said. “The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time.”
In a statement, ARM Holdings said the flaw is not an architectural one and that the side-channel exploit “only works if a certain type of malicious code is already running on a device and could at worst result in small pieces of data being accessed from privileged memory.” ARM said that a majority of its processors were not affected and provided a list of those that were.
The big question is how much Intel is going to be liable for the security flaw, according to Bernstein analyst Stacy Rasgon in a note, calling to mind a $475 million hit Intel took in 1994 to address a bug in its Pentium processors, and the $700 million impact in 2011 to address the Cougar Point chipset issue.
“The current problem feels much bigger ($475M would have replaced perhaps 5-10M processors back in 1994, and the Cougar Point issue affected ~8M units, while the affected PC installed base today is in the hundreds of millions of units); potential liability remains the biggest open-ended question we have at the moment,” Rasgon said.
Intel said on its conference call that it did not expect to face a financial impact from the vulnerability.
Nvidia Corp. NVDA, -1.29% shares also rallied Wednesday, gaining 6.6% to close at $214.47, and rising another 0.5% after hours. The gains in AMD and Nvidia follow Tuesday’s strong day for chip makers following reports of strong November sales. Nvidia shares were the 13th-most heavily traded stock on the S&P 500 at more than 22 million shares.
“This is a positive in our view for Nvidia (Data Center),” RBC Capital Markets analyst Mitch Steves wrote in a Wednesday note of the Intel news. Steves has an outperform rating on Nvidia but does not cover AMD. “If there are speed/performance issues with Intel products, this gives Nvidia a chance to gain market share while the issues are being resolved.”
Micron Technology Inc. MU, +0.26% shares were the fifth-most traded stock on the S&P 500 with more than 42 million shares changing hands. Shares of the chip maker closed up 3%, and tacked on another 0.8% after hours.
A little over two months ago, the roles were reversed for Intel and AMD: Shares of Intel surged after posting “impressive” earnings while AMD shares dropped even after topping Wall Street expectations.
The PHLX Semiconductor Index SOX, +0.29% rose 38.2% in 2017, and is up 4.5% for the first two days of 2018.