Smug AMD owners who felt they dodged a bullet with Intel’s Spectre meltdown, I have some bad news. A team of Israeli researchers has published a paper outlining critical security flaws in AMD chips, much like the vulnerabilities in Intel and Apple’s silicon. If what they’re saying is accurate, it would mean that millions of AMD-powered PCs on the market today are vulnerable to having malicious code run on the secure boot section of the processor.
CTS-Labs, an Israeli security firm, published details of 13 critical security flaws Tuesday. According to the report, AMD Ryzen Workstation, Ryzen Pro, Ryzen Mobile, and EPYC Server chipsets are vulnerable. The vulnerabilities have been code-named Masterkey, Ryzenfall, Fallout, and Chimera.
According to CNET, the researchers only gave AMD 24 hours to look at the report before publishing, an unusual move. Researchers typically give firms several months to prepare a fix before announcing the vulnerability publicly. As it currently stands, AMD is still investigating the flaws, and any fix is going to be weeks or months away. In theory, that opens up a window for malicious attackers to take advantage of the vulnerability before any fix is in place.
“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings,” an AMD spokesman told CNET.