Just after the new year, we learned of some significant Intel chip flaws that left computers and mobile devices vulnerable to two attacks known as Meltdown and Spectre. When Intel discovered the issue, the company may have made a critical misstep from a national security standpoint: It alerted Chinese customers and a small number of companies, including Chinese firms Alibaba and Lenovo, about its chip security issues before disclosing the vulnerability to the U.S. government, the Wall Street Journal reports.
In such a situation, it is OK for a company to reach out to customers first so that they’re able to develop patches and mitigate security concerns as quickly as possible before the news goes public. In this case, though, Intel’s original disclosure plans fell apart when news of the vulnerability leaked sooner than anticipated; the company wasn’t able to alert all of the companies it had originally planned.
“The Google Project Zero team and impacted vendors, including Intel, followed best practices of responsible and coordinated disclosure,” an Intel spokesperson said. “Standard and well-established practice on initial disclosure is to work with industry participants to develop solutions and deploy fixes ahead of publication. In this case, news of the exploit was reported ahead of the industry coalition’s intended public disclosure date at which point Intel immediately engaged the U.S. government and others.”
Some security researchers expressed concern that, because Intel alerted Chinese companies before the U.S. government, the Chinese government may have been able to exploit the security holes before patches were made widely available. At this point, there doesn’t seem to be evidence that the information was misused.
Intel currently faces several class-action lawsuits regarding Meltdown and Spectre, which affect nearly every desktop and mobile computing device on the planet. The suits allege Intel failed to fix the security flaws and failed to disclose the vulnerabilities in a timely fashion, and seek compensation for the slowed performance anticipated in many devices. The chip flaw isn’t unique to Intel chips, though: it was also found in products from AMD, ARM, and other chip manufacturers.
The best way to protect your devices and your data is to stay up to date with security updates. At this point, most OS makers, including Apple, Microsoft, and Google, have distributed patches to guard against most, if not all, of the threats posed by Spectre and Meltdown.