AMD confirms CTS Labs security exploits, will fix them through BIOS updates in the coming weeks

On March 13th, CTS Labs published some security exploits that it discovered on AMD’s CPUs. CTS Labs got in touch with the red team on March 12th and gave it only 24 hours before going public. Obviously that was kind of fishy and a lot of people were curious whether these exploits were legit or not. And today, AMD released a statement, acknowledging and confirming those exploits, and claiming that it will fix them through BIOS updates.

Now before continuing, we should note that these exploits are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made public on January 3rd. As AMD noted, these issues are associated with the firmware managing the embedded security control processor in some of its products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

Furthermore, and as AMD noted, all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. So yeah, this isn’t something similar to Spectre or Meltdown.

AMD states that it will release BIOS updates in the coming weeks that will resolve these security issues. Moreover, there won’t be any performance impact after applying these fixes.

You can find more details about these latest security exploits on AMD’s website!

12 thoughts on “AMD confirms CTS Labs security exploits, will fix them through BIOS updates in the coming weeks”

  1. Anything more than 24 hours.

    Reading many forum posts people attacked CTS, including AMD, stating this was fake and now here we are.

    In this day and age if someone wants to hack something, with enough time, skill, and possibly money, they can’t make it happen.

    1. People didn’t say it was fake, they said it’s iffy, which it is. It’s a non-issue. For starters they didn’t give them any notice, secondly, the attacker needs admin access. If they had this, why would they need a further exploit to gain access?

      1. Ok, people were saying it was not credible. Yes, I understand you need root access to use this exploit which defeats the purpose, but does that truly mean there is not another way to use this exploit?

        1. There is, this might not be as “dangerous” as Meltdown and Spectre, but it’s still dangerous (though I suppose not for end users like yourselves, unless you own some source of important files, and tons of money, would you even try and hack random people?)

      2. They did, Redtech Gaming and Nexus comments are full of these sort of things.

        “That website is clearly an Intel puppet trying to defame AMD. It’s so fake.”

        “Sounds so fake. I hope they will get sued for this”

        “FAKE FAKE FAKE!”

        Loads of people blaming intel squarely as well with no evidence at all.

      3. It should certainly be fixed, but the requirements for the exploits to be effective make them much less devastating than what the disclosure implied from its aggressive tone.

  2. It’s a non-issue. For one, it doesn’t affect home users for the most part. For those systems that COULD be affected, the attacker needs administrative access. If they had that, they’re already in the computer, so why perform an exploit to gain access!? Doesn’t make sense.

    1. It’s been multiple times, administrative access can be obtained through different ways, like a preinstalled malware and other stuff, stop diminishing this, no system is secure 100%.

    2. True…I was thinking the exact same thing! Why the heck would someone bother going through a system level exploit when you have admin rights! One can pretty much control everything after having admin privileges!
