Alphabet pointed out that in June last year, the Google Project Zero team informed Intel, AMD, and ARM about the chip loophole. They were given 90 days to fix before they were exposed to the public.
Unfortunately, until January 3, Intel did not disclose the matter to the US Computer Emergency Response Agency (US-CERT) until the media coverage. In this regard, the company’s explanation is “there is no sign that these loopholes have been exploited by malicious operators.”
Intel did not analyze whether these pitfalls “could affect critical infrastructure” when it discovered defects, as the company did not believe that industrial control systems would be affected, but it did inform technology companies using their products.
These two vulnerabilities, exposed in early January of this year, have affected all modern processors. They use CPU speculative execution mechanisms to expose access to user data. To make matters worse, because this is a hardware flaw, operating system manufacturers can only try to make up for by software patches.
Apple took the lead in iOS 11.2, macOS 10.13.2, tvOS 11.2 deployment of mitigation measures, Fortunately, the device performance is not caused much impact. As for Intel, it also faces at least 32 related lawsuits in addition to the timely ventilation to US-CERT.
Source: MacRumors
