Ryzenfall is a threat that allows for malware to completely hijack a Secure Processor allowing access to secure data that would normally be out of the reach of attackers.
While the vulnerabilities all require administrator access before they can be exploited, making them significantly more hard for intruders to use, they are unsafe in that they allow complete access to the system, including secure processing areas normally off-limits to malware.
CTS-Labs, an Israeli cybersecurity firm, says it has found multiple flaws in AMD's RYZEN and EPYC processors that could let hackers who've already compromised computers access secure portions of the processors to install malware or steal sensitive data like encryption keys. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers.
Fallout exposes the bootloader within the Epyc Secure Processor, allowing access to protected memory regions, CTS-Labs claims. However, the statement AMD provided to PCWorld implied that the company wasn't given the usual amount of time to investigate the vulnerabilities internally, which is typically about 90 days.
"CTS believes that networks that contain AMD computers are at a considerable risk", the report said.
"This can allow attackers to bury themselves deep within the computer system and to potentially engage in persistent, virtually undetectable espionage, executed from AMD's Secure Processor and AMD's chipset".
Considering the "risk" involved, it is surprising that CTS Labs went public with their finding just 24 hours after notifying AMD. We are actively investigating and analyzing its findings.
Investment firm Viceroy Research published a 25-page report on the issues after the company said it was anonymously emailed a copy of CTS' findings on Monday afternoon.
Hard Facts About Boston Scientific Corporation (NYSE:BSX)
The stock of Boston Scientific Corporation (NYSE: BSX ) has "Outperform" rating given on Friday, June 9 by RBC Capital Markets. It increased, as 53 investors sold SNA shares while 154 reduced holdings. 6 funds opened positions while 26 raised stakes.
AMD developers stated that they've just found out about these new vulnerabilities and said they will investigate this further to see if the vulnerabilities are real and if they are really risky to the devices powered by AMD CPUs.
Guido also said CTS-Labs paid him the company's "week rate for the work".
This had raised suspicions that CTS Labs may have a commercial motive for disclosing the AMD vulnerabilities so soon after notifying the chip maker. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise.
In a statement on its website, AMD added, "This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings".
IShares Currency Hedged MSCI Mexico (HEWW) Declines 0.5% for Mar 12
As investors survey the stock market, they will often look to make the smartest possible decisions when purchasing company shares. The Magic Formula was introduced in a book written by Joel Greenblatt, entitled, "The Little Book that Beats the Market".
This story was updated on March 13 at 2:06 PM with additional comments from AMD.
It's unclear how long it would take to fix these issues.
Central bank crypto-currencies 'uncharted waters'
The BIS urged central banks to continue their studies of digital innovations and also consider the implications of not issuing CBDCs.