Sign up for our daily briefing

Make your busy days simpler with the Axios AM and PM newsletters. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to the Axios Closer newsletter for insights into the day’s business news and trends and why they matter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios Pro Rata

Dive into the world of dealmakers across VC, PE and M&A with Axios Pro Rata. Delivered daily to your inbox by Dan Primack and Kia Kokalitcheva.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with the Axios Sports newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with the Axios Des Moines newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with the Axios Tampa Bay newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Nashville news?

Get a daily digest of the most important stories affecting your hometown with the Axios Nashville newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Columbus news?

Get a daily digest of the most important stories affecting your hometown with the Axios Columbus newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Dallas news?

Get a daily digest of the most important stories affecting your hometown with the Axios Dallas newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Austin news?

Get a daily digest of the most important stories affecting your hometown with the Axios Austin newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Atlanta news?

Get a daily digest of the most important stories affecting your hometown with the Axios Atlanta newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Philadelphia news?

Get a daily digest of the most important stories affecting your hometown with the Axios Philadelphia newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Chicago news?

Get a daily digest of the most important stories affecting your hometown with the Axios Chicago newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top DC news?

Get a daily digest of the most important stories affecting your hometown with the Axios DC newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Rebecca Zisser / Axios

A nasty series of vulnerabilities affecting decades of chip processors from Intel and others is the root of the broadest security hole to date, affecting nearly all computers, smartphones and servers. Companies including Apple, Amazon, Microsoft and Google are scrambling to provide software updates to their operating systems and cloud services — but researchers said the software makers can't fully address the holes the chips left open.

The bottom line: While one vulnerability is potentially limited to just Intel chips, a related flaw affects the chips used in nearly every modern device.

That means you'll want to be sure to install the latest updates for your computers, phones and tablets and even your browser. Cloud providers like Amazon's AWS and Microsoft's Azure will need updates, as will large web service providers that operate their own data centers. And even then you are only partially protected.

How the flaws work: The vulnerability is created by how chips do what is known as "speculative execution" — basically using their spare time to take on tasks that haven't specifically been requested. Unfortunately, researchers have demonstrated that the way chips handle such tasks also could give a malicious program access to protected parts of a computer's memory. There's a good explainer with more detail here.

What's affected: Virtually every device that runs on a modern chip, as well as the cloud services used by consumers and businesses. There are two separate classes of attacks.

  • One set, known as "Meltdown," seems limited to Intel processors made since 1995. Researchers say the issue can be addressed via a software update, but with a potentially significant impact on performance.
  • Another called "Spectre" affects all manner of modern chips, including processors from rival AMD as well as the ARM-based chips used in smartphones and other devices. This broader issue is harder to exploit, but also harder to address, with no one cure-all likely to work.
  • Researchers also demonstrated how a similar attack could also be used within a browser, so Mozilla, Google and other browser makers are also updating those programs.

How it happened: Researchers from Google's Project Zero and other security experts found the issue last year and reported it to AMD, Intel and ARM last June. Since then, the companies have been working on solutions. All the affected companies had planned to disclose the vulnerability next week, but moved forward the announcement as details, as well as proof-of-concept exploit code, began to leak out.

Industry response: Here's what the tech giants are doing to address the problem.

  • Microsoft issued updates for Windows 10, Windows 8 and Windows 7 as well as for its Azure cloud operating system
  • Amazon said Wednesday afternoon that "all but a small single-digit percentage of instances across the Amazon EC2 fleet" were already protected, with the remaining ones set to be finished in a few hours.
  • Google said it has released updates to Android and Chrome OS to address the issue and also has a feature in Chrome that users should turn on a feature known as "site isolation."
  • As of Wednesday evening, Apple had yet to comment on how its products are impacted.
  • Intel said it has been working with operating system vendors and hardware makers on industrywide approaches to addressing the issue and will also design future chips to avoid the issue.

The costs: Despite how widespread the problem is, Intel says it doesn't expect any significant financial impact. Other potential costs will be born by software makers creating patches and those that may see a performance impact from the software patches needed to close the security hole. It's also possible class-action lawyers may see this as a prime opportunity to litigate.

Get more stories like this by signing up for our daily tech newsletter, Login.

Go deeper

Austria approves COVID vaccine mandate for adults

A vaccination center installed at the Barbara Chapel of St Stephen's Cathedral in Vienna, Austria. Photo: Alex Halada/AFP via Getty Images

Austria's lower house of parliament voted on Thursday in favor of making COVID-19 vaccinations compulsory for most adults from next month.

Why it matters: The bill is expected to soon pass the upper house and be signed by President Alexander Van der Bellen in order for the law to take effect Feb. 1, per Reuters. It'd make Austria the first EU nation to impose such a sweeping mandate.

Hope King, author of Closer
Updated 4 hours ago - Economy & Business

Peloton pumps its brakes

Data: FactSet; Chart: Axios Visuals

Peloton’s popularity is falling as swiftly as it shot up.

Why it matters: Not all pandemic habits stick around. Peloton's trajectory over the past two years exemplifies how challenging it's been for companies to gauge shifts in consumer demand — particularly in sectors heavily altered by the pandemic.

Mitch McConnell's remarks on Black voters raise ire

Senate Minority Leader Mitch McConnell during a Capitol Hill news conference earlier this year. Photo: Anna Moneymaker/Getty Images

Senate Minority Leader Mitch McConnell (R-Ky.) has been widely criticized for comments he made this week about Black American voters.

Driving the news: When asked by a reporter Wednesday about concerns among voters of color, McConnell said "the concern is misplaced, because if you look at the statistics, Black American voters are voting in just as high a percentage as Americans."