Intel Patched Over 230 Vulnerabilities in Its Products in 2019:
Intel patched over 230 vulnerabilities in its products last year, but less than a dozen impacted its processors, according to the company's 2019 Product Security Report.
Intel said it learned of 236 vulnerabilities in 2019, including 144 discovered internally by its employees. Internally discovered issues included 61% of the vulnerabilities rated high severity, and 75% of those rated critical. In total, 4 flaws were rated critical and 81 were classified as high severity.
Three quarters of the vulnerabilities reported by external researchers were submitted through the company's bug bounty program.
"Combining Bug Bounty and internally found vulnerabilities, the data shows that 91% of the issues addressed are the direct result of Intel's investment in product assurance," the company wrote in its report.
The chip maker says only 11 vulnerabilities affected its CPUs, with an average yearly CVSS score of 5.02. This includes the MDS flaws named ZombieLoad, Fallout and RIDL.
"As acknowledged by security researchers and industry experts, side-channel issues are difficult to exploit and often require a level of access to the target system that would afford would be attackers more efficient and reliable methods of obtaining and exfiltrating information," Intel explained.
Of the 236 vulnerabilities found last year in the company's products, 112 affected software, 59 affected firmware and 13 impacted hardware. In the case of 52 vulnerabilities, patching required both software and firmware updates.
(Score: 4, Funny) by Bot on Monday March 02 2020, @06:49PM (4 children)
they almost ran out of backdoors...
Account abandoned.
(Score: 2) by jasassin on Monday March 02 2020, @07:51PM (3 children)
Awesome! Modded you up. The funny key word is "almost". Classic post man. Props!
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 2) by Bot on Wednesday March 04 2020, @08:17PM (2 children)
> man
-.-
Account abandoned.
(Score: 2) by jasassin on Tuesday March 17 2020, @08:46PM (1 child)
Bah!
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 2) by Bot on Tuesday March 17 2020, @10:14PM
Not sheep either...
Account abandoned.