AMD chip fleet affected by security flaws as big as spectre. 13 exploits across what seems entire AMD x86 range

By Mando
in Back Page News

 Share

Recommended Posts

Grand Master

Mando

Posted
Posted

Essentially, the security holes can be exploited by malware already present in a computer to bury deep into its machinations to ensure it can't be easily detected and removed – not even by wiping hard drives and reinstalling everything from scratch. The malware can inject itself into motherboard firmware to stay out of sight, all while meddling with or siphoning off files and other personal information, and interfering with system hardware.

 

But it's important to note that a software nasty has to have superuser powers to abuse the programming cockups found by CTS-Labs. At which point, the malware already can spy on its victim, steal their data, hold their files to ransom, and so on.

 

https://www.theregister.co.uk/2018/03/13/amd_flaws_analysis/

 

now while it requires admin access to be a "thing" this isnt really that different from the prereqs required for spectre to be a real "thing". anyone in info sec knows, its not THAT hard to gain elevated privs on an OS level, if you know how ;) 

 

Could this be the reason AMD were very coy about spectre exploits etc, as they had this looming instead?  

 

 

Link to comment
Share on other sites
Grand Master

Brandon

Posted
Posted

Does any of this actually matter? You still need to have the malware installed for anything to happen, right? If so, wouldn't a software protection be just fine?

Link to comment
Share on other sites
Grand Master

Mando

Posted
  • Author
Posted
4 hours ago, Luc2k said:

 

lol his tinfoil hat has slipped, this is as big and as serious as spectre. Just because it needs elevated privs to be a thing, isnt a safeguard, spectre is exactly the same. Wait for the exploit to be bundled with an elevated priv exploit and whala all of a sudden it is a "thing" or the user hit with the payload running as adm 24/7 ;) suddenly its a "thing"

2 hours ago, Brandon said:

Does any of this actually matter? You still need to have the malware installed for anything to happen, right? If so, wouldn't a software protection be just fine?

once past the security perimeter its a huge problem. just as spectre would be.

 

no software protection is invincible.

2 hours ago, Brandon H said:

Hey @Mando there's actually already a thread about this in the Hardware Hangout forum. :)

 

Soz brandon, i did quickly check but couldnt see one, my bad, its cool to delete/merge.

 

Link to live article :- 

 

Link to comment
Share on other sites
  • Mando locked this topic
This topic is now closed to further replies.
 Share
Go to topic listing