To Customer Support To Customer Support

Researchers claim AMD flaws threaten Ryzen, EPYC chips

  • 13 March 2018
  • 2 replies
  • 174 views
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54

Ryzen and EPYC AMD flaws partially detailed with just 24 hours disclosure notice, despite potentially significant exploits including secure processor takeover or security bypass.

 
March 13th, 2018  By Michael Heller
 
Security researchers announced four classes of vulnerabilities and manufacturer backdoors in modern AMD chipsets, but withheld details due to an unconventionally short disclosure window.
 
Researchers at CTS Labs, a cybersecurity research firm and consultancy based in Tel Aviv, claimed they found 13 vulnerabilities in AMD's EPYC server, Ryzen, Ryzen Pro and Ryzen Mobile chipsets. The AMD flaws -- named Ryzenfall, Masterkey, Fallout and Chimera -- can reportedly lead to malicious actors taking over Ryzen chipsets or the Secure Processors of either Ryzen or EPYC chipsets, infecting AMD chips with malware, stealing credentials, bypassing endpoint security or causing physical damage to hardware.
 
Full Article.

2 replies

Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
By Michael Novinson on March 13, 2018
 
Two high-profile security channel partners said insufficient replication details and untimely disclosure suggest that allegations of critical AMD processors vulnerabilities might not live up to the hype.
 
"There is simply an allegation of a problem with no information that would allow third parties to verify that the problem exists or what techniques would be required in order to exploit it," said Mike Lines, Optiv's vice president of strategy, risk and compliance. "You have no idea of the potential risk."
 
https:// https://www.crn.com/news/security/300100621/security-solution-providers-are-skeptical-of-cts-labs-claims-involving-amd-processors.htm
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
March 14th, 2018 By Catalin Cimpanu
 

AMD flaws independently verified by two credible sources

 
Those theories were short-lived because a few hours after CTS Labs took a beating on social media and some infosec blogs, Dan Guido, the CEO of Trail of Bits —another security company— came forward to confirm that the CTS Labs report was real and contained actual vulnerabilities.
 
Full Article.

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.