Many companies recently have been affected and criticised over the Meltdown and Spectre flaws, which mainly affected the devices powered by an ARM, Intel or AMD chip and allowed easy access to personal information.
To further add to this, a letter issued by Congress of United States House Energy and Commerce Committee has been sent to some companies regarding the Meltdown and Spectre flaws. The companies include Microsoft, Apple, Google, Amazon, Intel, AMD and ARM. The letter demands explanations by the companies to some questions regarding the issue.
According to the letter, the companies were aware of this vulnerabilities in June 2017 because of the Project Zero by Google and made an embargo which didn’t allow any disclosure of the information about these flaws until 9th January 2018. During this embargo period, companies planned to mitigate the flaws by updates and eventually disclose to users after fixing the problem. However, even with the embargo, information regarding this leaked before disclosure and companies had to announce publicly, 1 week before the supposed date.
Companies are being asked some questions through this letter regarding this flaw with last day to respond being 7th February 2018. Some questions include, What company proposed the embargo, why was an embargo related to these vulnerabilities imposed, etc.
Moreover, companies have already issued patches for these vulnerabilities though not fully but have mitigated this problem to some extent. Let’s see what further steps do the companies take to solve the problem. Until then, Be Safe.