The Spectre and Meltdown flaws were enough to make people uncomfortable, a report published by the Wall Street Journal sheds more light on the matter.
The publication, claiming sources, reported that Intel informed some of their customers about the vulnerabilities before the US government including Microsoft, Amazon, and Chinese companies Alibaba and Lenovo.
However, Intel didn’t tell the names of any of its customers whom it contacted regarding the speculative execution vulnerabilities and to figure out the fixes.
An Intel spokesperson said that the company was unable to notify others, including the US government, as the bugs were made public earlier than the decided date which was January 9.
Although there is no evidence, assumptions are being made that the Chinese government which regularly monitors almost everything in their internet space could have harvested this information and used it to exploit loopholes before the patches were released.
According to former NSA staffer Jake Williams who now owns a cybersecurity firm called Rendition Infosec, vulnerabilities like Meltdown and Spectre would have sparked the interest of any intelligence organization.
With the knowledge of vulnerabilities of that scale, the situation for Intel, in fact, almost any company, becomes tough when deciding how it should be disclosed and to whom without spilling the beans. They might not want themselves to be answerable for any consequences if something goes wrong.
Submitted by: Arnfried Walbrecht