Intel shared interesting statistics at a recent RSA 2020 conference in the USA. It turns out that only 5% of the vulnerabilities (11 of 236) fixed by the company’s engineers last year were related to processors.
All these 11 vulnerabilities were side-channel problems, that is, they allowed attacks on third-party channels, for the operation of which the architecture and structure of Intel processors were used. So, in particular, we are talking about such “heirs” of the Meltdown and Specter vulnerabilities as Spoiler, RIDL, Fallout and ZombieLoad, ZombieLoad 2, NetCAT, TPM-FAIL, Plundervolt.
The company’s researchers emphasize that vulnerabilities of this kind are extremely difficult to exploit, and examples of their exploitation in practice, outside of test laboratories, have not yet been recorded. In addition, Intel has released microcode updates to address all of these errors.
It should also be said that shortly after discovering the problems of Meltdown and Specter, Intel launched its own bug bounty program, in which researchers are asked to look for side-channel problems in the company’s products, and the reward is up to $ 250,000.
And Intel’s reward for vulnerabilities wasn’t limited to just one. An internal security team was also created, which included the world’s leading information security researchers. The goal of this group is to find vulnerabilities in Intel products faster than attackers, and preferably before the products reach store shelves.
Apparently, the creation of this group paid off, since, according to a recent report by the company, in 2019, 144 of 236 discovered vulnerabilities (61%) were discovered by Intel employees themselves.
It is also reported that of the 92 vulnerabilities that the company was notified by third-party researchers, 70 (76%) were brought to the attention of Intel through the official vulnerability search program. That is, bug bounty also fully justifies itself.
Intel emphasizes that none of the 236 vulnerabilities fixed in 2019 were used in real attacks (at the time of publication of the problem data).
Recently news
Intel processors discovered a vulnerability called CrossTalk
New Snoop Vulnerability Threats Intel Processors
768 stream processors and a frequency of 1.3 GHz. Disclosed are the characteristics of the Intel Xe GPU, which is part of the Core i7-1165G7 processor
746 arrests, 2 tons of drugs, 54 million pounds and dozens of weapons. EncroChat anonymous service successfully hacked in Europe
Intel Core i7-10700K made it into the Top 10 Mindfactory processors, slightly weakening Ryzen’s total superiority
BlueLeaks: activists published data of 200 police agencies in the public domain