Following yesterday’s confirmation that exploits of insecure memory can impact millions of Intel processors, ARM today confirmed that numerous Cortex series processors are exploitable, as well. ARM Cortex technology has notably been used in a wide variety of Android and iOS devices, as well as in select Nvidia Tegra products, Qualcomm Snapdragon chips, and Sony’s PlayStation Vita.
After describing four different exploits that could be used against its processors, ARM posted a chart acknowledging that its Cortex-A8, -A9, -A15, -A17, -A57, -A72, -A73, and -A75 chips are all susceptible to two or more exploits. The first three Cortex processors were used in older Apple iOS, Nvidia Tegra, and Samsung Exynos devices, as well as Sony’s PlayStation Vita, while the last five are found in some Google-branded phones, and other phones built with certain Qualcomm Snapdragon chips.
Given the wide licensing of ARM Cortex technology for differently branded chips and the varying degrees to which individual manufacturers have customized the Cortex processors, compiling an exhaustive list of devices impacted by the exploits is almost impossible. However, Cortex-A8, -A9, and -A15 technologies were known to be used in the first three iPads, original iPad mini, iPhone 4/4S/5/5C, iPod touch 4G/5G, and Apple TV 2G/3G. Nvidia’s Tegra 2, 3, 4, and K1 also used these ARM processors, as did Samsung’s Exynos 3110, 4, and 5 chips. It remains unclear whether Apple’s A-series chip designs — including both customized Cortex chips and later processors Apple developed in-house — protected against the exploit earlier or later than ARM did.
Practically speaking, protecting ARM-based devices against the exploits requires different approaches depending on the specific chip and operating system. ARM is directing Android and “other OS” users to seek patches from their devices’ OS providers, while offering ARM-developed “software mitigations” for Linux.
Google has released patches for its Android products, but other Android devices are awaiting patches from their vendors. Apple has not yet publicly addressed the issue to say which devices are affected, nor has it shared its solution. Patches for the exploits of Intel processors have caused task-dependent performance hits ranging from 5-30 percent on certain chips. The performance impact on ARM processors, if any, has yet to be established.