Article 504NV Intel Patched Over 230 Vulnerabilities in Its Products in 2019

Intel Patched Over 230 Vulnerabilities in Its Products in 2019

by
Fnord666
from SoylentNews on (#504NV)

upstart writes in with an IRC submission for Bytram:

Intel Patched Over 230 Vulnerabilities in Its Products in 2019:

Intel patched over 230 vulnerabilities in its products last year, but less than a dozen impacted its processors, according to the company's 2019 Product Security Report.

Intel said it learned of 236 vulnerabilities in 2019, including 144 discovered internally by its employees. Internally discovered issues included 61% of the vulnerabilities rated high severity, and 75% of those rated critical. In total, 4 flaws were rated critical and 81 were classified as high severity.

Three quarters of the vulnerabilities reported by external researchers were submitted through the company's bug bounty program.

"Combining Bug Bounty and internally found vulnerabilities, the data shows that 91% of the issues addressed are the direct result of Intel's investment in product assurance," the company wrote in its report.

The chip maker says only 11 vulnerabilities affected its CPUs, with an average yearly CVSS score of 5.02. This includes the MDS flaws named ZombieLoad, Fallout and RIDL.

"As acknowledged by security researchers and industry experts, side-channel issues are difficult to exploit and often require a level of access to the target system that would afford would be attackers more efficient and reliable methods of obtaining and exfiltrating information," Intel explained.

Of the 236 vulnerabilities found last year in the company's products, 112 affected software, 59 affected firmware and 13 impacted hardware. In the case of 52 vulnerabilities, patching required both software and firmware updates.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments