Hardware vulnerabilities: Intel closed more than 200 loopholes in 2021

[ad_1]

Intel is confident: In 2021, fewer security gaps were found in its own hardware than in the previous two years, albeit only just with a gap of 226 (2021) to 231 (2020) to 236 (2019). Intel itself was involved in discovering most of the errors, on the one hand through its own research teams, on the other hand with a paid bug bounty program.

Most vulnerabilities affected the company’s own integrated graphics units (52), network cards (34) and software applications (also 34). The processors added 22 new ones, including a good handful of “high” risk.

Meanwhile, within the bug bounty program, reporting a vulnerability earns between $500 and $100,000, depending on the severity of the vulnerability and the size of the report. With the Project Circuit Breaker, Intel intends to expand cooperation with the security community from now on. Within this program are month-long events in which Intel hands out specific hardware and works with researchers to find security vulnerabilities – also with cash rewards. It starts with hardware that is no longer up-to-date: Tiger Lake processors from the previous generation Core i-11000.

In the 2021 report, Intel summarizes that half of the 226 closed security gaps were found internally. Third parties drew attention to a further 97 security gaps via the bug bounty program. The remaining 16 vulnerabilities were reported by universities without Intel’s involvement.

In particular, Intel’s Converged Security and Management Engine (CSME) is now in a much better position than in previous years, when the proprietary security hardware repeatedly lost its fat due to serious gaps. At that time, the CSME still operated under the name Intel Management Engine (IME). In 2021, Intel identified six “medium” risk vulnerabilities, not a single one was reported externally.


(Image: Intel)

Of course, a dig at AMD shouldn’t be found in an Intel presentation with statistics. Intel highlights that in 2021 more vulnerabilities were found in AMD processors (31) than Intel reported in its own (16 + 6 externally discovered). The GPUs are 51 (Intel) to 27 (AMD), but Intel notes in the footnotes that 23 of its own security vulnerabilities affect the purchased AMD Radeon GPU from the Kaby Lake-G processor series (Core i-8000G).


(mma)

To home page

[ad_2]

Source link -64