Stefan Mileschin

Only given a week to fix it

Insecurity experts have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices.

The alleged vulnerabilities are in the secure part of the processors - typically where your device stores sensitive data like passwords and encryption keys. While most of them require administrative access to the machine through malware, putting additional malware on the secure processor is itself a huge potential for damage.

CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. However, the outfit gave AMD a week to come up with a fix before it went public. Standard vulnerability disclosure calls for at least 90 days notice, so companies have time to address flaws adequately. Google's researchers gave Intel six months to fix issues related to Spectre and Meltdown.

An AMD spokesman said that it was still investigating this report, which we just received, to understand the methodology and merit of the findings."

CTS-Labs co-founder and Chief Financial Officer Yaron Luk-Zilberman told CNET that all the vulnerabilities allow an attacker to target the secure segment of a processor, which is crucial to protecting the sensitive information on your device.

https://fudzilla.com/news/45809-amd-...security-flaws