Chipmaker Intel has confirmed a leak of its Alder Lake BIOS source code, as revealed on 4chan and GitHub. However, the hacker’s origin (or root cause) remains unknown.
Launched in November 2021, Alder Lake is Intel’s codename for the 12th generation of Intel Core desktop processors for IoT applications.
According to a statement issued to Tom’s Hardware, Intel confirmed the security incident as noted in a blog post:
“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.” — Intel spokesperson.
Unified Extensible Output System (UEFI) is essentially a newer version of BIOS and firmware that initializes the computer hardware before the operating system has loaded.
Although the impact may be limited or unknown at this time, Intel is still encouraging researchers to submit any discovered vulnerabilities via its bug bounty program.
Moreover, Intel has not confirmed who the third party perpetrator was or how the code was leaked.
More updates by Intel or the security community may emerge if new source code vulnerabilities are discovered.
- NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories
- PHP user database leak allegedly led to PHP source code compromise
- GitHub fixes 2 npm registry vulnerabilities
- GitHub launches ‘Security Lab’ to help secure open source software
- Total Meltdown vulnerability exploit source code now on GitHub