Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker!, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!

Results 1 to 2 of 2
Like Tree2Likes
  • 2 Post By sedna

Thread: Researchers discover 13 major security flaws specific to AMD's Zen CPUs

  1. #1
    Guest sedna's Avatar

    Researchers discover 13 major security flaws specific to AMD's Zen CPUs

    The newly discovered flaws are similar in severity to Spectre and Meltdown.

    Hot on the heels of Spectre and Meltdown, researchers say they have discovered more than a dozen (or exactly a baker's dozen) new critical security flaws affecting AMD's Ryzen and Epyc processor lines, CNET reports. The vulnerabilities purportedly lie in what is supposed to be a secure part of the processors where sensitive information is contained.

    The flaws were discovered by CTS-Labs, a security outfit in Israel. Unlike Google's Project Zero team, which alerted chipmakers months in advance to Spectre and Meltdown before disclosing them to the public, CTS-Labs gave AMD less than 24 hours to look at its findings and respond before publishing the details. AMD is in the process of investigating the matter.

    "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings," an AMD spokesman said.

    It's not yet clear how serious these newly discovered flaws are. As presented, the 13 flaws fall into four categories called Master Key, Ryzenfall, Fallout, and Chimera. Between the four main vulnerabilities, an attacker could bypass a Ryzen or Epyc CPU's secure boot and install malware into the BIOS, and the onto the processor itself. They could also leverage a pair of manufacturer backdoors to compromise a system's firmware and chipset.

    If the vulnerabilities are as widespread and critical as CTS-Labs presents them to be, there are all kinds of implications and potential scenarios. Collectively, the vulnerabilities open customers up to covert and long-term industrial espionage, sophisticated malware attacks that expose passwords and other personal information, hardware-based ransomware, and more.

    The industry at large is still reeling from Spectre and Meltdown. Some of the early patches have caused a few headaches, such as random reboots and performance degradation. It remains to be seen what the fallout might be like for these newly discovered flaws.
    kirill and jimmy7 like this.

  2. #2
    Power User
    LagunaLoire's Avatar
    Reputation Points
    Reputation Power
    Join Date
    Feb 2017
    Time Online
    1 d 9 h 15 m
    Avg. Time Online
    2 m
    22 Post(s)
    8 Post(s)
    77 times
    4 (100%)
    Disappointing to see more flaws however from what I've read, they don't seem as severe as Spectre and Meltdown. Still a bummer though.

    Thanks for sharing.

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts