Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago

[InfoSec News <alerts () infosecnews org>]

https://www.nytimes.com/2019/11/12/technology/intel-chip-fix.html

By Kim Zetter
The New York Times
November 12, 2019

Last May, when Intel released a patch for a group of security vulnerabilities 
researchers had found in the company’s computer processors, Intel implied that 
all the problems were solved.

But that wasn’t entirely true, according to Dutch researchers at Vrije 
Universiteit Amsterdam who discovered the vulnerabilities and first reported 
them to the tech giant in September 2018. The software patch meant to fix the 
processor problem addressed only some of the issues the researchers had found.

It would be another six months before a second patch, publicly disclosed by the 
company on Tuesday, would fix all of the vulnerabilities Intel indicated were 
fixed in May, the researchers said in a recent interview.

The public message from Intel was “everything is fixed,” said Cristiano 
Giuffrida, a professor of computer science at Vrije Universiteit Amsterdam and 
one of the researchers who reported the vulnerabilities. “And we knew that was 
not accurate.”

The Intel flaws, like other high-profile vulnerabilities the computer security 
community has recently discovered in computer chips, allowed an attacker to 
extract passwords, encryption keys and other sensitive data from processors in 
desktop computers, laptops and cloud-computing servers.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_