"AMD has a Spectre/Meltdown-like security flaw of its own Researchers find 13 vulnerabilities in AMD’s Ryzen and EPYC chip, allowing attackers to install malware on highly guarded portions of the processor... Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer... This vulnerability specifically affects AMD's Ryzen chips, and would allow malware to completely take over the secure processor... It's unclear how long it will take to fix these issues with AMD's processors...." https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/
All that not surprising since additional security flaws were found in Intel processors: https://www.wilderssecurity.com/thr...-extract-data-from-intel-sgx-enclaves.401277/ I have often stated that the entire small computer architecture was fundamentally flawed security-wise from "day one."
The CTS-Labs Report -- AMD Ryzen & EPYC product lines' 4 Classes of Vulnerabilities https://www.amdflaws.com/
It's a fishy story https://www.anandtech.com/show/1252...lish-ryzen-flaws-gave-amd-24-hours-to-respond
"Researchers Point to an AMD Backdoor—And Face Their Own Backlash... Hyped or not, the CTS researchers appear to have found real vulnerabilities in AMD's Zen architecture chips,... While CTS hasn't publicly released any of the details of how its attacks work, it did share them privately with New York-based security firm Trail of Bits, which essentially confirmed the central findings. 'Regardless of hype, they found vulnerabilities that work as described,' says Dan Guido, Trail of Bits' founder..." https://www.wired.com/story/amd-backdoor-cts-labs-backlash/
https://arstechnica.com/information...-in-amd-chips-make-bad-hacks-much-much-worse/ Now this is something to really worry about considering all the BootnNuke & Clean Image restoring suggestions given as 100% sure shot way of getting rid of any malware.
AMD Flaws Pose No Immediate Risk of Exploitation, Says Independent Reviewer https://www.bleepingcomputer.com/ne...sk-of-exploitation-says-independent-reviewer/
"AMD Fix for Newly Disclosed Flaws Coming in Weeks, Won't Impact Performance, Company Says AMD has announced a series of firmware patches set to arrive in the coming weeks to address security issues raised by an Israeli security firm one week ago. https://gizmodo.com/amd-fix-for-newly-disclosed-flaws-coming-in-weeks-wont-1823932681
My take on this is if your processor is pre-2013, Zen, or not select socket AM4 or TR4 motherboards, you're not affected by these latest vulnerabilities: https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor https://en.wikipedia.org/wiki/Socket_AM4
It sure is well for everyone that someone, hardware (Security firm) thoroughly probes those production releases
"accuses chipmaker of downplaying flaws". You mean the same security firm that up-played, overhyped flaws? You need to completely compromise OS (Windows, Linux, you name it) before you can exploit these security flaws.
"AMD ships patches to address flaws unearthed by CTS Labs..." https://hexus.net/tech/news/cpu/117839-amd-ships-patches-address-flaws-unearthed-cts-labs/