This week, a security research lab called CTS disclosed a warning about 13 serious vulnerabilities that affect most of AMD’s processors. The researchers make pretty bold and possibly overstated claims, suggesting these flaws are a huge deal, and in some cases potentially unpatchable. However, there are some suspicious aspects of this release as well. First, the researchers only gave AMD (and Microsoft) 24 hours before releasing the issue to the press. Also, they haven’t shared any technical detail around the flaws, presumably to keep victims safe until the vendor reacts and fixes them. Nonetheless, this lack of detail makes it hard for the rest of the industry to validate the issues. Finally, it doesn’t help that the researchers admit they have some financial interests in the vendor in question, and that shady third parties are using this release to try to attack AMD, and perhaps affect its financials.
In any case, watch the video below for details, and check out the references for more info.
Episode Runtime: 6:29
Direct YouTube Link: https://www.youtube.com/watch?v=-y_bgQ7vZFk
- Researchers disclose serious AMD vulnerabilities – Motherboard
- CTS may face backlash on irresponsible disclosure – Wired
- Special “marketing page” for AMD security vulnerabilities – AMDFlaws.com
- Whitepaper on the AMD flaws (lacks technical details) [PDF] – Engadget
- AMD’s response to CTS’s disclosure – AMD
- Shady hyperbolic writeup on AMD flaws (questionable source) – Viceroy Research
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply