Israeli security firm CTS Labs announces the discovery of no less than 13 critical security vulnerabilities and manufacturer backdoors in AMD EPYC, Ryzen, Ryzen Pro and Ryzen Mobile processors.
The flaws potentially allow attackers to run malware that is not only nearly impossible to detect, but also provides direct access to the most (supposedly) secure part of the processor, namely the part storing sensitive data such as passwords and encryption keys. Taking advantage of most of the vulnerabilities does require administrative access, but they still allow a higher potential for damage than most regular attacks.
Read more...