Cybersecurity flaws in chips are still taking too long to fix


When Intel and a group of security researchers revealed the existence of new security flaws in older generations of the company’s microchips in May, the news came with a particularly troubling detail: it took over a year to get a solution for one of the flaws in place.


Researchers say they alerted Intel to the vulnerability, which they dubbed ZombieLoad, in April 2018, yet a fix for it was not rolled out broadly until last month. By comparison, software companies typically take no more than 90 days to issue patches after a vulnerability has been discovered in their code. The longer a flaw remains unaddressed, the greater the chance a hacker will find it.


Daniel Gruss, a professor at Graz University of Technology in Austria and one of the researchers who helped bring ZombieLoad to light, thinks things could move faster. In an email to MIT Technology Review, Gruss says that when he and fellow researchers notified Intel of the vulnerability last April, they provided an independently verified proof of concept to show it was a genuine issue. In May 2018, they provided Intel with further details about the flaw, which could allow hackers to get hold of sensitive data from applications running on machines.


Intel says it couldn’t initially reproduce the security hole researchers had flagged and therefore needed more evidence before taking any action. Earlier this year, it finally established that there was indeed a vulnerability and rolled out the fix.


The tension underlines the challenges of deal ..
