INFRA
INFRA
INFRA
AMD confirms chip vulnerabilities and promises a fix is on its way
Advanced Micro Devices Inc. today confirmed vulnerabilities first disclosed by Israeli security firm CTS Labs last week and has promised that a fix is on its way.
The vulnerabilities, found in AMD’s Epyc secure processor and the Ryzen chipset, could allow attackers to take control of systems running on these chipsets, access secure data and even install malware.
While confirming that the vulnerabilities are real, AMD said that the risk they present is overstated, that there’s no evidence that of any of the potential exploits has been used for malevolent purposes, and that it would be extremely difficult to use any of them to attack computers.
Richard Henderson, global security strategist at Absolute Software Corp., told SiliconANGLE that the research and vulnerabilities shouldn’t be a huge surprise because it’s common for researchers to focus their attention on similar products when a major issue is found.
“In this case, the wide-scale attention that processors and hardware have received as a result of the Spectre and Meltdown vulnerabilities meant that it was probable that something else would be found in other products,” Henderson said. “The odds are good that a particularly skilled cybercriminal or state-sponsored group will leverage these types of vulnerabilities to develop new exploits.”
Henderson cautioned that the first step for enterprises, as with the Spectre and Meltdown flaws, is not to panic. “While these new vulnerabilities do appear to have well-developed proof-of-concept code, there’s nothing in the wild yet taking advantage of them,” he said. “It’s likely we’ll see patches hitting devices sooner rather than later.”
It’s time for enterprises to take full stock of all of their devices to determine how exposed those devices are to these new issues, he added. “Once you have an understanding as to how many devices you have that are vulnerable, you will be in a strong position to either implement additional controls for those endpoints or temporarily swap them out for other unaffected devices until patches can be developed and deployed.”
Image: CTS-Labs
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
