Nearly two months after it was disclosed and 9 months since it was first discovered, Intel has finally issued a fix for Spectre Variant 2. The company patched the first variant of Meltdown and Spectre last month, but the fix for the second variant was broken.
Last week, Intel issued a fix for its newer Skylake, Kaby Lakes, and Coffee Lakes chips. The company is now following up with a release for older Broadwell and Haswell series CPUs. With this patch, all chips should now be protected against Meltdown and Spectre.
When the CPU Kernel level flaw was disclosed by Google on Jan. 6, Intel acted quickly with a patch. However, one of the three Meltdown and Spectre variant patches resulted in problems for users.
The company’s patches to fix the problem caused rebooting problems across many older systems. Intel believed the patch bug affected only Broadwell and Haswell chips. However, internal testing later found the vulnerability also affects machines powered by Skylake and Kaby Lake chips. The company was forced to urge users to avoid the fix.
Intel is also still putting fires in terms of explaining why it told core customers before the US government. Microsoft, Apple, Google, Amazon and other tech giants new about Meltdown and Spectre months before the Department of Homeland Security. Indeed, the CERT/CC (Computer Emergency Readiness Team Coordination Center) only knew about the flaw when Google disclosed it.
Intel is now explaining why it held back:
“The US Computer Emergency Readiness Team was first informed of the exploits through public disclosure on January 3, 2018. Intel promptly discussed this disclosure with US-CERT on that day and again two days later, on January 5, 2018,” it said.
Two weeks ago, we reported on the glut of lawsuits Intel is now facing. A total of 32 lawsuits are currently active against the company and more are likely to follow. Intel says 30 customer filings have been made, along with two security class action lawsuits.