Intel didn’t disclose U.S. Government about CPU flaws until vulnerabilities went public

CPU flaws

In a letter to MPs on Thursday, several tech companies pointed out that Intel failed to disclose details of “Meltdown” and “Spectre” processor vulnerabilities to U.S. cyber officials in a timely fashion until the issue was publicized – Even Intel has a deep understanding of these vulnerabilities. According to Reuters, Alphabet, and Apple, the parent company of Google, sent the letter to Greg Walden, chairman of the House of Representatives for Energy and Commerce, who had previously questioned the matter.

 

Alphabet pointed out that in June last year, the Google Project Zero team informed Intel, AMD, and ARM about the chip loophole. They were given 90 days to fix before they were exposed to the public.

Unfortunately, until January 3, Intel did not disclose the matter to the US Computer Emergency Response Agency (US-CERT) until the media coverage. In this regard, the company’s explanation is “there is no sign that these loopholes have been exploited by malicious operators.”

Intel did not analyze whether these pitfalls “could affect critical infrastructure” when it discovered defects, as the company did not believe that industrial control systems would be affected, but it did inform technology companies using their products.

 

These two vulnerabilities, exposed in early January of this year, have affected all modern processors. They use CPU speculative execution mechanisms to expose access to user data. To make matters worse, because this is a hardware flaw, operating system manufacturers can only try to make up for by software patches.

Apple took the lead in iOS 11.2, macOS 10.13.2, tvOS 11.2 deployment of mitigation measures, Fortunately, the device performance is not caused much impact. As for Intel, it also faces at least 32 related lawsuits in addition to the timely ventilation to US-CERT.

Source: MacRumors