Intel Confirms Alder Lake BIOS Code Leak, But Expects No New Security Flaws


Intel has confirmed that proprietary UEFI code for its 12th generation processors has been leaked. The 6GB file, published on 4chan and GitHub, contains information on creating and optimizing BIOS code for Alder Lake chips, but Intel states that this does not expose any new security vulnerabilities.

"It appears that our proprietary UEFI code was leaked by a third party," an Intel spokesperson told Tom's Hardware.

"We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is eligible for the bug bounty program within the Project Circuit Breaker campaign, and we encourage researchers who discover potential vulnerabilities to bring them to our attention through this program. We encourage both our customers and the security research community to keep us informed about this situation."

Intel's strategy appears to be to avoid having "secret code" as part of the security of their processors. This is because if this code were to fall into the wrong hands, the security of the processor would be compromised. The company seems confident that the leak will not result in a security threat.

Intel's statement suggests that its internal systems were not hacked, but that a third party leaked the files. As Twitter user SttyK and a Tom's Hardware report point out, the GitHub repository was created by an employee of China-based laptop maker LC Future Center, and some of the code mentions Lenovo, one of LC Future Center's clients. However, this association has not been confirmed by Intel or any other company.

Even if Intel ultimately believed that it could protect its CPUs from malicious actors, the released UEFI files would raise concerns for security researchers. UEFI works in conjunction with the OS to implement the basic security principles of Windows, and it is the only way to ensure that the CPUs are protected from malicious actors; it prevents exploits from gaining access to private information. Security researchers are already paying close attention to the leaked files to see what they can uncover.

There may even be a prize for researchers who discover vulnerabilities in the code. Intel mentions that the code is the subject of its Project Circuit Breaker campaign, another name for its bug bounty program. There is a specific "code challenge" for this particular BIOS leak, called "Alders & Seekers."

"Due to the unauthorized disclosure of Intel's proprietary UEFI code for Alder Lake, we are opening our undisclosed Alders & Seekers bug bounty campaign to all security researchers. Additionally, we have extended the end date of this campaign from October 15, 2022 to January 20, 2022 at 9:00 AM EST. This campaign is subject to the standard policies of the Intel(R) Bug Rewards Program."

If this leak creates a hole in the security of Alder Lake, we hope that the bug bounty will get it patched before it spreads further. Such programs often attract skilled security professionals, who are willing to help because they can be paid handsomely depending on the severity of the bug.

Meanwhile, PC gamers with Intel Core i9 12900K and other 12th generation processors will not have to worry anytime soon. Even if such concerns arise in the future, keeping systems up-to-date and implementing the latest mitigations are often the best defense against this type of exploit.
