It looks like this year shows no mercy to CPU manufacturers. It wasn’t long ago since information about Spectre and Meltdown vulnerabilities in Intel processors became public. Recently, specialists detected more critical threats in AMD processors.
The most concerning part of these findings is that they affect the protected area of CPU, a special area that keeps the most important data such as passwords and decryption keys.Moreover, the same area is responsible for monitoring any malicious activity during the startup.
It was Israeli security company CTS-Labs that made the announcement. They have found 13 critical issues which, theoretically, allow cybercriminals accessing data and installing malware on systems that have AMD Ryzen and EPYC processors. AMD Ryzen was primarily used on consumer devices, laptops, and desktop PCs, while EPYC was mainly used in servers.
Unlike Google Project Zero, which gave the industry a half of a year to investigate the issue before they made the information public, CTS-Labs decided not to wait. They contacted AMD first but made the information public in less than a day.
AMD reacted instantly, announcing that security was a priority for the company and they have started analyzing the report already. And so have we, your trusty London IT support. We will publish the results soon.