The team cooperated with Intel for as long as it could, say the researchers, but eventually they decided that public disclosure was necessary, first to try to shame the company into acting, and second because details of the flaws were already beginning to leak, which would allow bad actors to create exploits. But they “greatly reduce” the risk of attack, said Leigh Rosenwald, a spokeswoman for the company. Intel acknowledged that the May patch did not fix everything the researchers submitted, nor does Tuesday’s fix. This normally works well, providing hardware and software suppliers time to create patches, while the public is informed about the need to update.īut the Dutch researchers say Intel has been abusing the process They said the new patch issued on Tuesday still doesn’t fix another flaw they provided Intel in May. Responsible security researchers first privately disclose their findings to the companies concerned, typically allowing them six months to fix the problem before they go public. The public message from Intel was “everything is fixed,” said Cristiano Giuffrida, a professor of computer science at Vrije Universiteit Amsterdam and one of the researchers who reported the vulnerabilities. The software patch meant to fix the processor problem addressed only some of the issues the researchers had found Last May, when Intel released a patch for a group of security vulnerabilities researchers had found in the company’s computer processors, Intel implied that all the problems were solved.īut that wasn’t entirely true, according to Dutch researchers at Vrije Universiteit Amsterdam who discovered the vulnerabilities and first reported them to the tech giant in September 2018. The New York Times reports that the researchers have now gone public as a result of concerns that Intel was misleading people. They would allow an attacker to view data in kernel memory, which could span anything from cached documents to passwords …Īpple and Microsoft issued patches based on Intel fixes, but security researchers say they identified additional variants of the flaws which the chipmaker took six months to patch – and further unpatched vulnerabilities remain. The ‘fundamental design flaw’ in Intel’s CPUs came to light last year, with the security vulnerabilities dubbed Spectre and Meltdown. Similar flaws were found and patched in ARM processors, but there is no suggestion at this stage that further issues remain in these. Intel chip security flaws that affect all Macs, as well as Windows and Linux machines, still exist, say security researchers – despite the chipmaker’s claims to have fixed them.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |