Previous patches did not fully address chip vulnerabilities.It turned out that Intel’s CPU security fix in May didn’t solve everything the company mentioned. Intel has released another patch that cannot close the running flaw, speculating that an attacker can swipe passwords and other sensitive information. Intel said the mitigation measures should substantially reduce the likelihood of an attack. That doesn’t solve the problem completely, but Intel promises to fix microcode at the CPU level in the future. However, there is more concern about how Intel handled these vulnerabilities for the first time.Warning Intel on the issue The researcher at the Briye University Amsterdam said the New York Times said that Intel should obviously ignore core proof-of-concept attacks when developing a monthly update, and even discover relevant flaws without a ready-made example. The team, still aware of the problem, quietly refused with the November patch. There is also criticism of Intel’s overall approach. Instead of addressing the underlying issue, we’re focusing more on variations of the patch.The initial issues affected many processors released since 2011 and applied regardless of operating system. Software-level patches mitigate some security issues with Intel microcode solutions.I asked Intel. This is bad for the chip giant, regardless of the response.
As the researchers warned, the general secret governing the disclosure of vulnerabilities can harm users here. Hackers can take advantage of security loopholes that people have not yet disclosed, and the flaw itself was not so secret. It leaked until the researchers found out about their findings. Before we can trust Intel’s CPU more, significant work can be done, including significant chip design changes.ET: Intel tells Engadget that they are “very public” about their approach to disclosure and have taken “seriously” regardless of who discovered all the vulnerabilities. You can read the full text below. The company also pointed out Twitter comments by Daniel Gruss, who played a role in the public. Gruss said that Intel took “very seriously” the concern and last year improved “substantially” the approach. These are fair points, but it’s true that Intel hasn’t patched all known issues all at once, and still has communication problems.
“We are committed to addressing security vulnerabilities affecting our customers and providing responsible guidance on solutions, impacts, severity and mitigation. We handle disclosures, including strong belief in the value of coordinated disclosures. We were very open about how to take seriously any potential security vulnerability found internally or externally and actively cooperate with all parties. You should take mitigation before publishing.