Intel CEO promises speedy patches for security flaw

Read time 3min 30sec
Intel promises transparent and timely communications with customers.
Intel promises transparent and timely communications with customers.

Intel says by today, it will have issued updates for at least 90% of Intel CPUs introduced in the past five years, with updates for the remainder available by the end of the month.

This is according to an open letter from Intel CEO Brian Krzanich, to technology industry leaders, in which he promised "transparent and timely communications" with customers following the disclosure of security flaws in its microchips.

Earlier this month, the world's largest chipmaker confirmed the security issues reported by researchers in the company's widely used microprocessors could allow hackers to steal sensitive information from computers, phones and other electronic devices.

Researchers with Alphabet's Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords.

The second, called Spectre, affects chips from Intel, AMD and ARM, and lets hackers potentially trick otherwise error-free applications into giving up secret information.

"Following announcements of the Google Project Zero security exploits, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers' data as quickly as possible," Krzanich said.

"I am very proud of how our industry has pulled together and want to thank everyone for their extraordinary collaboration. In particular, we want to thank the Google Project Zero team for practising responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion."

The group will focus on issuing updates for older products "as prioritised by our customers". He said the company is committed to providing frequent progress reports on patch progress, performance data and other information via its Web site.

Reboot issues

Intel said last week that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.

Navin Shenoy, executive VP and GM of the company's data centre group, said Intel had received reports about the issue and was working directly with data centre customers to "discuss" the issue.

"We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels," Shenoy said.

"End-users should continue to apply updates recommended by their system and operating system providers," he added.

Ongoing security assurance

Krzanich said security is an ongoing priority for the company, "not a one-time event".

"To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks."

He said Intel will also add incremental funding for academic and independent research into potential security threats.

"Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.

"The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve," Krzanich concluded.

Login with