Security flaw discovered in the co

We are still not recovering from what is happening with Specter and Meltdown , as a new vulnerability is discovered that is now affecting AMD processors.

Security flaw found in AMD Secure co-processor, would affect all AMD CPUs

The flaw has to do with the co-processor called AMD Secure and would be corrected only with a BIOS / UEFI / firmware update. This component, previously known as AMD PSP (Platform Security Processor), is a chip-on-chip security system, similar to the much-hated Intel Management Engine (ME).

Like the Intel ME, AMD Secure is an integrated co-processor that sits alongside the AMD64 x86 cores and runs a separate operating system tasked with managing various security-related operations for the data being processed.

The flaw was discovered by Cfir Cohen, a security researcher with the Google Cloud Security Team. The man claims to have found the vulnerability in the TPM (Trusted Platform Module) of the AMD Secure processor. This TPM is in charge of storing critical system data, such as passwords, certificates and encryption keys, in a secure environment and outside the easily accessible AMD cores.

The Google researcher reported the flaw to AMD in September, and AMD told the researcher in December that they had developed a patch and were preparing to release it. We are already in the month of January and we still have no news of that update.

This failure would be very similar to the aforementioned Intel ME, which in November allowed attackers to install rootkits and recover data from Intel Core processors.

We will keep you informed when we have more news on this matter.

Bleepingcomputer font