This week, Intel released a security update to fix dozens of security vulnerabilities, including one it said six months ago it had fixed but had not. Cristiano Giuffrida, a computer science professor at Free University amsterdam who was one of the vulnerability reporters, said the public information from Intel was fixed, but we know it’s not accurate.
Many researchers usually give businesses time to remain silent until patches are released before they disclose them. But the Dutch researcher said Intel abused the process and recommitted it, and its latest release of the patch did not fix another vulnerability they reported in May.
Intel’s vulnerabilities are similar, allowing attackers to steal sensitive data such as passwords and keys from the processor.
Intel says its patches significantly reduce the risk of attack, but it doesn’t fully fix problems reported by researchers.