If you read the article, it went undetected so long probably because it looks like you have to do 2 or 3 ‘illegal’ things in just the right order at just the right time. (‘illegal’ as in ‘not supposed to work’. I did find the second article very interesting – the one that explained rowhammer.)
I mean, how long did it take my friends at ASU lo these many years ago to put together 3 little bits of information to realize the large hole that was left? Oh, probably at least a year… So even with motivation and time AND all the information presented right there in front of you, it can take a while. THIS bug apparently involves doing stuff that isn’t really supposed to work.
In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc.) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also, the reported fix will have a huge performance impact.
Also crucial to note is that AMD chips are not affected by this.
How the heck does something like this go unnoticed for so long?