Intel has a history at the forefront of security protections, especially as it leads the industry development of core processors. Unfortunately, the corporation is also known for its inevitable security breaches as it continues to explore unknown frontiers in CPU development. Earlier this week, a big weak spot was exposed in generations 6 through 11, leaving literal billions of CPUs vulnerable to an execution flaw known as CVE-2022-40982, or Downfall.
Named by the individual who discovered the existence of this Gather Data Sampling bug in core processors, Downfall is known to target the most critical weakness found across several generations of CPUs dating back as far as 2014. It specifically targets an exploit that would allow malicious software to access different types of private data.
Downfall is reported to have affected billions of CPUs across the world, including consumer chips and Xeon Intel CPUs. FAQ and additional information are available at Downfall.page. (Image source: Downfall)
This vulnerability is one of the most dangerous exposures ever, with many companies reporting that x86 chip models are fundamentally flawed. The issue is exacerbated by the fact that Intel and Chipzilla have been aware of Downfall’s presence for years.
A new class-action lawsuit reveals that the company actually discovered this bug as early as 2018, but chose to keep its knowledge under wraps. The individual who discovered Downfall tried to report it to Intel in 2022, but there were again no attempts to fix this glaring issue. To make matters even worse, the company revealed that it knew about the possibility of cybersecurity attacks on millions of sold products, rendering many people’s computers too dangerous or just plain useless.
Intel has chosen not to publicly comment on the class-action lawsuit or the willing exposure of the Downfall security vulnerability. (Image source: Intel Newsroom)
2018 was a record-breaking year for cybersecurity vulnerabilities at Intel. The widespread discovery of some of the most dangerous security issues ever, Meltdown and Spectre, were addressed by quick action and a bug fix to protect consumer products from a data breach.
With Downfall, though, the company has been dragging its feet. Though the vulnerability has been discovered for at least five years, it has existed for almost ten. Affected CPUs include generations that were developed in 2014, as well as current generations still being manufactured today.
It is already possible that users have unwittingly given access to private information such as bank passwords, encryption keys, and other protected items. Without publicly disclosing this information, Intel set itself up quite nicely for this emerging class-action litigation. As this is not the only lawsuit that Intel is facing right now, it is an understatement to say that Intel is contending with a legal firestorm of its own creation.
- YOU MAY ALSO LIKE: PlayStation Removes Half of Its Live Service Games