The security breaches in AMD processors are causing network clutter

A young Israeli vulnerability research company makes headlines with sudden exposure to 13 types of loopholes that affect the Zen processors

While processor companies still lick the wounds left by the known security holes Who received the titles Spectre and Meltdown, And required a variety of different patch updates that created quite a few new problems of their own - Another heavy weight on the shoulders falls in the form of 13 loopholes News related to its latest products, which are divided into four groups, all of which were revealed at the same time by an Israeli company, only 24 hours after the developer had updated the details.

Get updates from everyone in TelgramGet updates from us all at TelgramJoin the channel now


An 20 study paper describes a variety of methods of attack and security vulnerability in the Zen architecture , Which examined all the products available on the market today: from the EPYC processors to the server world (where harming them also means harm to their Threadripper brothers, it seems) and the- Pro desktop and up to Mobile devices that are integrated into the mobile world.

Different methods for different processors - but all are on the way to causing a major headache in AMD

A mechanism called Chimera utilizes gaps Known as ASMedia products, which helped develop the dedicated chipsets in the Ryzen and Ryzen Pro desktop processors to prove the potential for attack and damage to both the computer operating system and all the devices connected to the interfaces , SATA and To an array, all of which pass through the same chipset.

All the vulnerabilities are based on "plugins" in the Zen processors that interface with the core processing core, System and operating system

Mechanisms called Fallout and Ryzenfall include a number of methods for reading information, writing information, and running external malicious code based on the designated security system in the labs Which is based on the A5 Cortex chip and the company's technologies - when the fallout method proved to be a danger for the massive EPYC processors, while Ryzenfall as the one that hits the CPU- Of all kinds.


From the published research paper, will only a real material change be able to block the security faults?

Last and not-so-popular mechanism is called Masterkey and includes attack and damage through the core Cortex A5 device that is spoken in combination with models - with the ability to cancel mechanisms Of the processors as part of a malicious malicious firmware update. Given that these firmware updates have become easier and simpler than ever before, you can certainly imagine a situation in which we receive attempts to distribute such an offensive update under the guise of another application or extension.

At this time, there is no known malicious exploitation of these loopholes, although their very exposure may significantly increase the chances of this

On the face of it, it would be quite a challenge to exploit some of the breaches that have been discovered, but a similar statement can be made Most variations of Spectre and Meltdown - when this time, too, it is doubtful whether this will comfort the average consumer who is not an expert in the field, but is definitely concerned about the theoretical ability to damage his personal computers and access to his files and details. Will have to provide a solution to the gaps, and there is a high chance that in this case too, a simple and standard program update will not suffice to close the cracks.

Not all methods work on all types of processors, but it seems that no model is completely immune to our sorrow

Question mark exposure?

Throughout the network, questions about the source of this comprehensive security problem began to arise almost immediately. The Israeli CTS Labs company is described as being established only a year ago and is located in Tel Aviv and includes only four employees, with no previous reports of loopholes In other systems and products.

CTS Labs certainly succeeded in breaking into the global consciousness by storm

Many (including factors in Itself) expressed astonishment about the scope of its discovery and its documentation professionalism, which included a dedicated site, professional graphic descriptions with a logo and a corresponding name for each method, declarations to the media and channel videos Which opened a few days before the exposure. There are no complaints about the existence of the security problems, but there is no doubt that the source behind the information could be a deliberate blow to the reputation of the chip developer - perhaps in an attempt to run the company's shares.

While the Spectre and Metldown bursts were discovered with the help of Project Zero dedicated to the study of the subject under , Without too many question marks about the credibility or motivation behind the information - here the situation is different, and the question marks are slightly more significant

Now there seems to be a good reason to wait for the official responses from me , In order to understand whether she accepts or rejects the allegations and accusations - and especially how she plans to act to correct the gaps and make sure that these will not repeat themselves in the family - Upcoming 2000, and other products. Watch for updates.