The publication, claiming sources, reported that Intel informed some of their customers about the vulnerabilities before the US government including Microsoft, Amazon, and Chinese companies Alibaba and Lenovo.
However, Intel didn’t tell the names of any of its customers whom it contacted regarding the speculative execution vulnerabilities and to figure out the fixes.
An Intel spokesperson said that the company was unable to notify others, including the US government, as the bugs were made public earlier than the decided date which was January 9.
Although there is no evidence, assumptions are being made that the Chinese government which regularly monitors almost everything in their internet space could have harvested this information and used it to exploit loopholes before the patches were released.
The department of homeland security was unaware of the flaws until the news was broken, said a representative. The information couldn’t reach the ears of the NSA either. It was known after the White House’s cybersecurity official Rob Joyce responded to a tweet. “NSA didn’t know about these flaws, nor did they exploit them,” he said.
Jake-No nuance to my answer. No lawyerly caveats. NSA did not know about these flaws, nor did they exploit them. I don’t put my good name on the line lightly. I understand you are disinclined to believe, 1/2.
— Rob Joyce (@RobJoyce45) January 13, 2018
According to former NSA staffer Jake Williams who now owns a cybersecurity firm called Rendition Infosec, vulnerabilities like Meltdown and Spectre would have sparked the interest of any intelligence organization.
With the knowledge of vulnerabilities of that scale, the situation for Intel, in fact, almost any company, becomes tough when deciding how it should be disclosed and to whom without spilling the beans. They might not want themselves to be answerable for any consequences if something goes wrong.