Intel has announced the identification of 34 security vulnerabilities across 32 software solutions and two firmware categories. These vulnerabilities encompass a range of software including chipset drivers, Wi-Fi components, and applications such as XTU, the oneAPI Toolkit, and Intel Unison, in addition to affecting Thunderbolt software and firmware. Intel advises immediate updates for Thunderbolt drivers and controllers to mitigate these risks.
This disclosure, which includes a variety of unrelated security issues, follows Intel’s practice of announcing vulnerabilities collectively post-patch completion. This approach ensures that maintained software and firmware are secured against identified threats.
The vulnerabilities primarily affect less prominent software, such as Intel’s Battery Life Diagnostic Tool, among others, which may not be widely used. Notably, several high-visibility applications, including Intel Unison, the oneAPI Toolkit, and XTU, are also compromised. Certain drivers, crucial for system operation, may not receive automatic updates, presenting additional challenges.
Of particular concern is the security of Intel’s Thunderbolt technology, with vulnerabilities in both drivers and firmware highlighted. The driver vulnerabilities, encompassing 20 distinct issues, could potentially allow unauthorized privilege escalation, denial of service attacks, and data theft, with three classified as high severity. Most of these vulnerabilities require local access to exploit, limiting their scope to attackers with direct or remote access to the system, or those capable of executing social engineering tactics. An additional network-based vulnerability is noted, though it is deemed of medium severity.
Intel has addressed all identified vulnerabilities, except for one affecting the now-discontinued System Usage Report for Gameplay tool, which will not be patched. Users are advised to uninstall this application.
Given the diverse nature of these vulnerabilities, users are recommended to update all implicated Intel software and firmware. While the average user may primarily need to update Thunderbolt-related components and drivers, enthusiasts and developers might face extensive updates to ensure system security and integrity.