• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

AMD chip fleet affected by security flaws as big as spectre. 13 exploits across what seems entire AMD x86 range

Recommended Posts

Mando    5,115

Essentially, the security holes can be exploited by malware already present in a computer to bury deep into its machinations to ensure it can't be easily detected and removed – not even by wiping hard drives and reinstalling everything from scratch. The malware can inject itself into motherboard firmware to stay out of sight, all while meddling with or siphoning off files and other personal information, and interfering with system hardware.

 

But it's important to note that a software nasty has to have superuser powers to abuse the programming cockups found by CTS-Labs. At which point, the malware already can spy on its victim, steal their data, hold their files to ransom, and so on.

 

https://www.theregister.co.uk/2018/03/13/amd_flaws_analysis/

 

now while it requires admin access to be a "thing" this isnt really that different from the prereqs required for spectre to be a real "thing". anyone in info sec knows, its not THAT hard to gain elevated privs on an OS level, if you know how ;) 

 

Could this be the reason AMD were very coy about spectre exploits etc, as they had this looming instead?  

 

 

Share this post


Link to post
Share on other sites
Luc2k    753

 

  • Like 1

Share this post


Link to post
Share on other sites
Brandon H    2,070

Hey @Mando there's actually already a thread about this in the Hardware Hangout forum. :)

 

Share this post


Link to post
Share on other sites
Brandon    214

Does any of this actually matter? You still need to have the malware installed for anything to happen, right? If so, wouldn't a software protection be just fine?

Share this post


Link to post
Share on other sites
Mando    5,115
4 hours ago, Luc2k said:

 

lol his tinfoil hat has slipped, this is as big and as serious as spectre. Just because it needs elevated privs to be a thing, isnt a safeguard, spectre is exactly the same. Wait for the exploit to be bundled with an elevated priv exploit and whala all of a sudden it is a "thing" or the user hit with the payload running as adm 24/7 ;) suddenly its a "thing"

2 hours ago, Brandon said:

Does any of this actually matter? You still need to have the malware installed for anything to happen, right? If so, wouldn't a software protection be just fine?

once past the security perimeter its a huge problem. just as spectre would be.

 

no software protection is invincible.

2 hours ago, Brandon H said:

Hey @Mando there's actually already a thread about this in the Hardware Hangout forum. :)

 

Soz brandon, i did quickly check but couldnt see one, my bad, its cool to delete/merge.

 

Link to live article :- 

 

Share this post


Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.