Intel failed to inform U.S. cyber security officials about the Meltdown and Spectre chip flaws ahead of when they leaked to the public even though Intel had advanced knowledge of the vulnerabilities, several tech companies said in letters sent out to lawmakers on Thursday.
According to Reuters, Apple and Google parent company Alphabet sent letters to Representative Greg Walden, who chairs the House Energy and Commerce Committee. Walden had previously questioned the tech companies about when the chip flaws were disclosed to Intel.
Alphabet said its Google Project Zero team informed Intel, AMD, and ARM about the chip vulnerabilities in in June and provided the three companies with 90 days to fix the problems before disclosing them.
Intel did not tell the U.S. Computer Emergency Readiness Team, aka US-CERT about the Meltdown and Spectre flaws until January 3, however, well after media reports went live. According to Intel, it did not disclose the vulnerabilities ahead of time because hackers had not exploited them.
Intel said it did not inform government officials because there was “no indication that any of these vulnerabilities had been exploited by malicious actors,” according to its letter.
At the time the flaws were discovered, Intel also did not do an analysis on whether the flaws could impact critical infrastructure because it did not believe industrial control systems could be impacted, but it did inform the technology companies that use its products.
News of Meltdown and Spectre, two chip flaws that impact all modern processors, first began circulating in early January. Meltdown and Spectre take advantage of the speculative execution mechanism of a CPU, and because they are hardware-based flaws, operating system manufacturers have been forced to implement software workarounds.
Apple first addressed Meltdown and Spectre in iOS 11.2, macOS 10.13.2, and tvOS 11.2 and has since mitigated both vulnerabilities with little to no impact on device performance.
In addition to questioning by the U.S. government over its failure to share information on the security flaws, Intel is also facing at least 32 Meltdown and Spectre lawsuits
Discuss this article in our forums