Intel covered up Meltdown and Spectre security flaws, claim Apple and Google

Intel didn't bother telling US-CERT about the vulnerabilities until information about them was leaked in January

Intel has been accused of intentionally covering up the Meltdown and Spectre CPU security flaws, only admitting to the vulnerabilities embedded within their microprocessors after the details were leaked in January.

That's according to Google-owner Alphabet and Apple in letters sent to US Congressmen investigating the problem. Intel has also contributed its side of the story to lawmakers.

In a number of letters seen by Reuters, the companies wrote that Intel didn't make the issue known to the US Computer Emergency Readiness Team (US-CERT) until they leaked to the public.

This was six months after Google's security researchers notified the chipmaker in June, which started the 90-day notice period for the chip giant to fix the issues before they were made public. According to the letter from Intel's rival AMD, Google extended its 90-day deadline twice - first to 3 January, then to 9 January.

In fact, it wasn't until 3 January this year that Intel informed US-CERT, which was well after reports of the Meltdown and Spectre bugs had begun to spread. This has led to current and former US government officials raising concerns because the flaws potentially held national security implications.

However, Intel claims that it didn't believe the flaws needed to be shared with US authorities as hackers, if they were aware of them, had not yet exploited the vulnerabilities in the wild.

It added that it did not perform an analysis of whether the flaws might harm critical infrastructure, according to Reuters, because it did not think it could affect industrial control systems. Intel claims that it did inform other technology companies about the issue, according to its letter.

The letters were sent by Intel, Alphabet, Microsoft, AMD, Apple and others on Thursday in response to questions from US Representative Greg Walden, an Oregon Republican who chairs the House Energy and Commerce Committee.

Microsoft claimed in its letter that it did inform a number of anti-virus software vendors about the flaws "several weeks" before the planned public disclosure in order to give them time to avoid compatibility issues.

This follows the news that Intel has been hit by 32 lawsuits so far over the Meltdown and Spectre flaws found in its CPUs. Rival AMD is also affected, but to a much lesser extent - only the Spectre flaw applies to AMD microprocessors, including its latest Ryzen CPUs, and AMD claims that even this is much less of a risk on its architecture.

Intel is being hit from two sides, with customer class-action lawsuits suing it for "monetary damages and equitable relief" and the securities lawsuits claiming that Intel's top executives failed in their fiduciary duty to keep the shareholders - the owners of the business - properly informed.

The latter argue that Intel "violated securities laws by making statements about its products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities".

A trio of shareholders have each filed shareholder derivative actions against Intel, which allege that specific members of its board and leading officers failed to take action relating to insider trading.