[ad_1]
\n<\/p>\n
Security researchers have found a vulnerability in AMD processors that has persisted for decades, <\/em><\/a>. This is a fascinating security flaw because it was found in the firmware of the actual chips and potentially allows malware to deeply infect a computer\u2019s memory.<\/p>\n The flaw was discovered by <\/a>, who are calling the AMD-based vulnerability a \u201cSinkclose” flaw. This potentially allows hackers to run their own code in the most privileged mode of an AMD processor, System Management Mode. This is typically a protected portion of the firmware. The researchers have also noted that the flaw dates back to at least 2006 and that it impacts nearly every AMD chip.<\/p>\n “Researchers warn that a bug in AMD\u2019s chips would allow attackers to root into some of the most privileged portions of a computer…” New piece from @WIRED<\/a> featuring research from IOActive Principal Security Consultants, Enrique Nissim & Krzysztof Okupski. https:\/\/t.co\/UuvzC2qyGI<\/a><\/p>\n \u2014 IOActive, Inc (@IOActive) August 9, 2024<\/a><\/p>\n<\/blockquote>\n<\/div>\n That\u2019s the bad news. Now onto some better news. Despite being potentially catastrophic, this issue is unlikely to impact regular people. That\u2019s because in order to make full use of the flaw, hackers would already need deep access to an AMD-based PC or server. That\u2019s a lot of work for a random home PC, phew, but could spell trouble for corporations or other large entities.<\/p>\n This is particularly worrisome for <\/a>. In theory, malicious code could burrow itself so deep within the firmware that it would be almost impossible to find. As a matter of fact, the researchers say that the code would likely survive a complete reinstallation of the operating system. The best option for infected computers would be a one-way ticket to the trash heap.<\/p>\n \u201cImagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it’s still going to be there,\u201d says Krzysztof Okupski from IOActive. \u201cIt’s going to be nearly undetectable and nearly unpatchable.\u201d<\/p>\n Once successfully implemented, hackers would have full access to both surveil activity and tamper with the infected machine. AMD has acknowledged the issue and says that it has \u201creleased mitigation options\u201d for data center products and Ryzen PC products \u201cwith mitigations for AMD embedded products coming soon.\u201d The company has also published a <\/a>.<\/p>\n AMD has also emphasized just how difficult it would be to take advantage of this exploit. It compares using the Sinkclose flaw to accessing a bank\u2019s safe-deposit boxes after already bypassing alarms, guards, vault doors and other security measures. IOActive, however, says that kernel exploits \u2014 the equivalent of plans to get to those metaphorical safe-deposit boxes \u2014 exist readily in the wild. \u201cPeople have kernel exploits right now for all these systems,\u201d the organization told Wired. \u201cThey exist and they’re available for attackers.\u201d<\/p>\n IOActive has agreed to not publish any proof-of-concept code as AMD gets to work on patches. The researchers have warned that speed is of the essence, saying \u201cif the foundation is broken, then the security for the whole system is broken.\u201d<\/p>\n<\/div>\n\n