Intel warned Chinese firms about its infamous Meltdown and Spectre processor vulnerabilities before informing the US government, it has emerged.
Select big customers – including Lenovo and Alibaba – learned of the design blunders some time before Uncle Sam and smaller cloud computing suppliers, The Wall Street Journal reports, citing unnamed people familiar with the matter and some of the companies involved.
The disclosure timeline raises the possibility that elements of the Chinese government may have known about the vulnerabilities before US tech giant Intel disclosed then to the American government and the public.
The Meltdown and Spectre chip flaws were first identified by a member of Google’s Project Zero security team shortly before they were independently uncovered and reported by other teams of security researchers. “Intel had planned to make the discovery public on Jan. 9… but sped up its timetable when the news became widely known on Jan. 3, a day after U.K. website The Register wrote about the flaws,” the WSJreports.
Intel worked on addressing the vulnerabilities with security researchers at Google and other teams that uncovered the processor vulnerabilities as well as PC makers – specifically, the larger OEMs – and cloud-computing firms. Those informed included Lenovo, Microsoft, Amazon and Arm.
The WSJ omits any mention of when notification was made to Lenovo et al, but a leaked memo from Intel to computer makers suggests that notification of the problem for at least one group of as-yet unnamed OEMs took place on November 29 via a non-disclosure agreement, as previously reported.
Lenovo was quick out the gate on January 3 with a statement advising customers about the vulnerabilities because of work it had done “ahead of that date with industry processor and operating system partners.”
www.theregister.co.uk/2018/01/29/intel_disclosure_controversy/
CPU maker Intel told CHINA about there CPU bugs before telling US govt!
Views: