A serious security vulnerability has existed in AMD processors for 18 years, but it is not too worrying
An attacker could exploit this vulnerability to infect the CPU with malware and penetrate deep into the operating system. However, the good news is that this vulnerability is not easy to exploit, and AMD processor owners do not need to worry too much at the present time.
IOActive security experts call this vulnerability 'Sinkclose'. It has existed in AMD processors for PCs, data centers, and embedded systems (chips used in cars or industrial equipment) since as far back as 2006. To keep AMD chips backward compatible, the chip manufacturer added a feature that can modify privileged CPU configuration. That is the vulnerability that security researchers have found and exploited.
By abusing Sinkclose, malicious actors can modify processor configurations that are highly protected and only accessible through System Management Mode (SMM). System Management Mode operates at a higher privilege level than the operating system, so any changes made in this mode are 'invisible' and inaccessible to the operating system.
Threat actors could theoretically use this elevated access to install malware that runs at startup, that is, before the operating system. Common remediation steps such as reinstalling the operating system, clearing memory or using anti-virus software are therefore completely ineffective against it. Instead, you would have to physically connect a special programming device to the processor to detect and remove the malware.
Fortunately, it is very difficult to execute an attack targeting this vulnerability. To start, an attacker needs kernel-level access. The kernel is the core that has complete control over the entire operating system. Modern operating systems have protections against unauthorized kernel access, so an attacker would have to bypass multiple layers of perimeter security to obtain it. Therefore, although exploitation is in fact possible, the threat that Sinkclose poses to the average user is minimal.
In response to IOActive, AMD published a list of vulnerable processors along with some mitigation tips. The company is also implementing security patches for the affected processors.