A young Israeli vulnerability research company makes headlines with sudden exposure to 13 types of loopholes that affect the Zen processors
While processor companies still lick the wounds left by the known security holes Who received the titles Spectre and Meltdown, And required a variety of different patch updates that created quite a few new problems of their own -I HAVE D Another heavy weight on the shoulders falls in the form of 13 loopholes securing News related to its latest products, which are divided into four groups, all of which were revealed at the same time by an Israeli company, only 24 hours after the developer had updated the details.
An 20 study paper describes a variety of methods of attack and security vulnerability in the Zen architecture I HAVE D, Which examined all the products available on the market today: from the EPYC processors to the server world (where harming them also means harm to their Threadripper brothers, it seems)RYZEN and the-RYZEN Pro desktop and up toRYZEN Mobile devices that are integrated into the mobile world.
A mechanism called Chimera utilizes gaps securing Known as ASMedia products, which helped develop the dedicated chipsets in the Ryzen and Ryzen Pro desktop processors to prove the potential for attack and damage to both the computer operating system and all the devices connected to the interfaces USB, SATA andPCI-Express To an array, all of which pass through the same chipset.
Mechanisms called Fallout and Ryzenfall include a number of methods for reading information, writing information, and running external malicious code based on the designated security system in the labs I HAVE D Which is based on the A5 Cortex chip and the company's technologies ARM - when the fallout method proved to be a danger for the massive EPYC processors, while Ryzenfall as the one that hits the CPU-RYZEN Of all kinds.
Last and not-so-popular mechanism is called Masterkey and includes attack and damage through the core Cortex A5 device that is spoken in combination with models - with the ability to cancel mechanisms securing Of the processors as part of a malicious malicious firmware update. Given that these firmware updates have become easier and simpler than ever before, you can certainly imagine a situation in which we receive attempts to distribute such an offensive update under the guise of another application or extension.
On the face of it, it would be quite a challenge to exploit some of the breaches that have been discovered, but a similar statement can be made Most variations of Spectre and Meltdown - when this time, too, it is doubtful whether this will comfort the average consumer who is not an expert in the field, but is definitely concerned about the theoretical ability to damage his personal computers and access to his files and details. I HAVE D Will have to provide a solution to the gaps, and there is a high chance that in this case too, a simple and standard program update will not suffice to close the cracks.
Question mark exposure?
Throughout the network, questions about the source of this comprehensive security problem began to arise almost immediately. The Israeli CTS Labs company is described as being established only a year ago and is located in Tel Aviv and includes only four employees, with no previous reports of loopholes securing In other systems and products.
Many (including factors inI HAVE D Itself) expressed astonishment about the scope of its discovery and its documentation professionalism, which included a dedicated site, professional graphic descriptions with a logo and a corresponding name for each method, declarations to the media and channel videos YouTube Which opened a few days before the exposure. There are no complaints about the existence of the security problems, but there is no doubt that the source behind the information could be a deliberate blow to the reputation of the chip developer - perhaps in an attempt to run the company's shares.
Now there seems to be a good reason to wait for the official responses from me I HAVE D, In order to understand whether she accepts or rejects the allegations and accusations - and especially how she plans to act to correct the gaps and make sure that these will not repeat themselves in the family -RYZEN Upcoming 2000, and other products. Watch for updates.