Intel has confirmed the leak of the UEFI BIOS source code of its 12th generation Core processors dubbed 'Alder Lake', which was initially reported by information security collective VX Underground to have been spread through GitHub and 4chan, reports The Register.
While some security experts noted that the source code's exposure may introduce potentially exploitable firmware flaws, Intel has downplayed the likelihood of such an incident as it does not leverage information obfuscation as a security measure. "This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation," said Intel. However, Mark Ermolov of Positive Technologies has emphasized the seriousness of the leak, which was claimed to have also exposed the private signing key for Intel's Boot Guard technology. "A very bad thing happened: now, the Intel Boot Guard on the vendor's platforms can no longer be trusted," said Ermolov.
A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git security audit, SQL Slammer 20 years later, the SQLMap tool
Artificial intelligence poses a pretty scary threat to information security overall, but application-security testers should find AI to be extremely useful for finding flaws and weeding out false positives.