Amd responds to vulnerabilities discovered in cpus ryzen
Table of contents:
AMD has been hit with significantly fewer vulnerability reports than Intel, but a handful have surfaced. A few days ago we commented on the vulnerabilities that were discovered by the Graz University of Technology, which published their finding in a document called Take A Way, which details the Collide + Probe and Load + Reload attacks.
AMD denies that these are speculative execution attacks
In this case, regarding the Take A Way white paper, AMD states that "these are not new attacks based on speculative prediction" and they have not released any software updates in response to this.
The ZDNet site is reporting that they are in contact with investigators, who claim that the attack still works on updated machines. The researchers also claim that they have tested the exploit in JavaScript engines for Chrome and Firefox, as well as through a hypervisor (for virtualized environments, such as cloud servers ).
It is unclear whether AMD or the researchers are correct until AMD releases a patch, or someone releases an exploit using these methods. In any case, the researchers also claim that the amount of data that can be leaked is small. While they claim it can work in real-world settings, that doesn't mean it's worth doing in real-world settings.
Still, if it works and can be patched, then it should be fixed.
This is the official statement from AMD:
AMD continues to recommend the following best practices to help mitigate side channel problems:
- Keep the operating system up-to-date by operating with the latest updates and platform firmware, including existing mitigations for speculation-based vulnerabilities Following secure encryption methodologies Implementing the latest patched versions of critical libraries, including those susceptible to side-channel attacks Using safe computing practices and running antivirus software
This ends the comments made by AMD on the subject, fully minimizing the impact of these vulnerabilities. We will keep you informed as soon as we know more.
Pcperamd fontVulnerabilities discovered in foscam brand ip cameras
Vulnerabilities discovered in Foscam brand IP cameras. Find out more about the problems that affect Foscam cameras.
10 new vulnerabilities discovered in vm virtualbox
Oracle has released a patch to fix ten vulnerabilities in VirtualBox that allow attackers to escape 'guest' operating systems and attack the host operating system that VirtualBox is running on.
Eight new vulnerabilities discovered in intel processors
Eight new vulnerabilities have been discovered in Intel processors, four of them are especially serious, more even than Specter.
