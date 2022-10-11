A security problem has come over Intel in the last few hours. After different rumors about the Alder Leak CPU UEFI BIOS source code leaknow from Intel itself they have affirmed that this is something completely true.





Given this leak source code for one of the company’s newest processors, such as the 12th Gen Intel Core released in November 2021, security researchers are concerned with what can be done with this information. And it is that Intel has been forced to confirm it after the publication on Twitter of several links with all this information.

Intel confirms its data leak

These links were posted on Twitter on Friday itself by a person claiming to have the source code we discussed and released by 4chan. Accessing this link takes you to a GitHub repository called “ICE_TEA_BIOS” which contains a total of 5.97 GB of files.





Among these data dated 09/30/2022 you could find the source code, the private keys and also the build tools. In this way you can know that someone has ended up copying it illegally, whether it is a hacker or someone from within the company itself. This is now one of the same great doubts that exist about the origin of the theft.

Given this fact, Intel wanted to convey a message of calm, but security experts are concerned. This is because anyone right now is free to search for some kind of vulnerability in these processors in their own source code.

One of the key questions that these experts are asking lies in the private key that has been leaked. In the event that it is used in the production chain, may mean hackers can modify Intel firmware boot and bypass all the security it contains. Specifically from Intel they have transmitted the following information:

Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities, as we do not rely on information obfuscation as a security measure. This code is covered by our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who can identify potential vulnerabilities to bring it to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.

Via | bleeping computer