Intel has been in the eye of a storm following the disclosure of Meltdown and Spectre, a CPU flaw that affects all Intel processors stretching back 15 years. AMD was also involved, although not to the extent as its rival. At least not until now. Security researchers have found a severe flaw in AMD chips that is similar in scope to Meltdown and Spectre.
Like the Intel kernel-level flaw, the AMD problem could allow hackers to enter processors on millions of devices and steal data. These vulnerabilities are ironically located in what is meant to be a secured part of the CPU. This area is where the processor stores sensitive data and is meant to prevent malicious content entering a system.
The flaws are worrying, but they are not easily accessed by attackers. Indeed, anyone wanting access would need to have control of the machine. Of course, there is plenty of malware out there that can allow hackers to take over a PC. However, to exploit the AMD vulnerabilities the attacker would also need admin access.
Still, Israeli security firm CTS-Labs says its researchers have found 13 vulnerabilities that it deems critical. They affect AMD’s Ryzen and EPYC processors and could allow attackers to install malware on machines.
Ryzen is AMD’s desktop and laptop range of CPUs, its flagship series that has taken the market fight to Intel. EPYC are server-grade processors, which means organizations and individuals are at risk. AMD has said it is taking the report seriously and is currently investigating.
“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,” an AMD spokesman said. “We are investigating this report, which we just received, to understand the methodology and merit of the findings.”
Early Disclosure
Something worth noting is the grace period CTS-Labs gave AMD. It is usual for companies to be given 90 days to create a fix for issues found by third parties. However, CTS decided to give AMD less than 24 hours. The firm may argue it is pushing AMD to act as Intel and tech giants like Apple and Microsoft hit Meltdown and Spectre for months.
We reached out to CTS-Labs to and will update when the company returns the message.
