Intel CEO made $24 mn in stock sale before bug disclosure, company denies
San Francisco: After tech firms rushed to fix security flaws in chips that hackers can exploit, reports surfaced that Intel CEO Brian Krzanich sold off $24 million worth of stock and options last year after the chip-maker became aware of security bugs.
According to a Sky News report late on Thursday, Intel was notified by Google in June last year of a flaw in its processor chips. "Regulatory filings showed Krzanich pocketed about $25 million before tax from the sale of stocks and options in late November," the report added.
Intel, however, said Krzanich's sale had nothing to do with chip vulnerability.
"Brian's sale is unrelated. He continues to hold shares in-line with corporate guidelines," the report said, citing an Intel statement.
The two security flaws, dubbed as "Spectre" and "Meltdown", reported by Google "Project Zero" and British tech website the Register, is not unique to Intel chips and also affect AMD and ARM processors.
In its latest statement, Intel said on Friday that it is rapidly issuing updates for all types of Intel-based computer systems -- including personal computers and servers -- that render those systems immune from both exploits.
"Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years," the company said.
"Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time," the company said.
Meanwhile, Apple broke the silence, admitting that all Mac systems and iOS devices were affected but are safe at the moment.
"These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected but there are no known exploits impacting customers at this time," Apple said in a blog post late on Thursday.
"Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store," the company added.
"Meltdown" and "Spectre" issues take advantage of a modern CPU performance feature called "speculative execution".
"Speculative execution" improves speed by operating on multiple instructions at once - possibly in a different order than when they entered the CPU.
"Meltdown" and "Spectre" exploitation techniques abuse "speculative execution" to access privileged memory - including that of the kernel - from a less-privileged user process such as a malicious app running on a device, Apple said.
To safeguard its customers from potential security bugs in chips, Google also deployed a novel chip-level patch across its entire infrastructure, resulting in only minor declines in performance in most cases.
"We developed a novel mitigation called 'Retpoline' -- a binary modification technique that protects against 'branch target injection' attacks," Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Programme Manager at Google, wrote in a joint blog post.
"We shared 'Retpoline' with our industry partners and have deployed it on Google's systems, where we have observed negligible impact on performance," the engineers added.
Software major Microsoft has already issued emergency updates to supported versions of Windows. Amazon was also reportedly working on security updates to their Cloud services and other products.