Chip-maker Intel has said it is working with other major tech firms to fix flaws that could allow hackers to steal personal data from computer systems.The issue was originally linked to a flaw in Intel’s chips, but the firm said this was “incorrect”.”Many types of computing devices – with many different vendors’ processors and operating systems – are susceptible to these exploits,” Intel said. Google researchers first discovered the flaw last year. Google said the problem affected the basic electronic systems behind many devices such as computers and mobile phones. Microsoft and Apple – which both use Intel chips – are expected to roll out security updates soon. The UK’s National Cyber Security Centre (NCSC) said there was no evidence that the vulnerability had been exploited.Intel said on Wednesday it had been working with other firms on an industry response for months.On a conference call for investors, the firm said the researchers showed that hackers could exploit vulnerabilities, gaining the ability to read memory and potentially access information such as passwords or encryption keys.Some fixes, in the form of things like software updates, have been introduced or will be available in the next few days; others will take longer.The companies had planned to release a report on the issue later this month.
Analysis by Chris Foxx, technology reporterOften when researchers discover a security problem, they share the information with the affected company so the issue can be fixed.Typically, both parties agree not to publicise the problem until a fix has been implemented, so that criminals cannot take advantage of the issue.This time it looks like somebody jumped the gun and information was leaked before a software fix was ready for distribution. Intel said it had planned to share information next week, and several security researchers have tweeted that they have made a secrecy pact with the chip-maker.That leaves the company in an uncomfortable situation, with a widely-publicised problem before the fix is ready to go.
The NCSC said it was aware of the reports of the potential flaw.”The NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches as soon as they become available.”Experts advised caution on the issue.”It is significant but whether it will be exploited widely is another matter,” said Prof Alan Woodward, from the University of Surrey.