Intel hid CPU bugs info from govt 'until public disclosure'

The information was revealed in letters sent by Intel and tech companies Apple and Alphabet to Greg Walden, a member of the House of Representatives who chairs the House Energy and Commerce Committee, Reuters reported.

The flaws were reported to Intel in June 2017 by Google and the former was given the standard 90 days to fix them before they were publicly disclosed. This grace period was extended more than once, before 9 January was set as the final date.

However, when news of the flaws broke prior to this, Google went public on 3 January.

{loadposition sam08}The two flaws are in Intel processors made since 1995. Meltdown removes the barrier between user applications and sensitive parts of the operating system.

Spectre, which is also reportedly found in some AMD and ARM processors, can trick vulnerable applications into leaking the contents of their memory.

Intel's response to Walden was that it did not inform the US Computer Emergency Readiness Team, or US-CERT, as there was "no indication that any of these vulnerabilities had been exploited by malicious actors".

The company said it did not carry out any analysis of whether the flaws might be exploitable on critical infrastructure as it thought that this might not be the case, but said that it had informed some other technology companies.

Alphabet's letter said it had left the decision of informing US-CERT up to Intel.

Walden also sought answers from Microsoft, AMD, ARM and Amazon. Microsoft said it had informed some anti-virus software companies about the flaws a number of weeks they were finally publicly disclosed.

As iTWire reported recently, Intel faces a total of 33 lawsuits over the two flaws. Additionally, the Boston law firm of Block & Leviton is preparing a class action lawsuit against Intel chief executive Brian Krzanich for allegedly selling a vast majority of his Intel stock after the company was notified of the two security flaws and before they became public.