Intel chip security flaws affecting all Macs, as well as Windows and Linux machines, still exist, say security researchers–despite the claims of the chipmaker to fix them. Similar flaws have been identified and patched in ARM processors, but at this stage there is no suggestion that further issues remain in these processors.
Last year, the’ fundamental design flaw’ in Intel’s CPUs came to light, with Spectre and Meltdown called the security vulnerabilities. This would allow an attacker to view kernel memory data that could span anything from cached documents to passwords.
Apple and Microsoft have issued updates based on Intel fixes, but security researchers claim they have found new variants of the flaws that the chipmaker has taken six months to patch–and still remain unpatched.
The New York Times notes that as a result of concerns that Intel is misleading people, the researchers have now become public.
Responsible security researchers first disclose their results privately to the companies involved, usually allowing them to solve the problem for six months before they go public. It normally works well, enabling suppliers of hardware and software to build patches while informing the public about the need for updating.
The group cooperated with Intel for as long as it could, say the researchers, but ultimately they decided that public disclosure was important, first to try to shame the company on behaving, and second because information of the flaws were already beginning to leak, which would allow bad actors to create exploits.