The news: CTS-Labs, an Israeli cybersecurity firm, says it has found multiple flaws in AMD’s Ryzen and Epyc processors that could let hackers who’ve already compromised computers access secure portions of the processors to install malware or steal sensitive data like encryption keys. The 13 different vulnerabilities affect processors found in desktops, laptops, and servers.
The flaws: The researchers have published a list of the different flaws but have withheld some technical details that would let them be easily exploited. In a clear play for publicity, they gave AMD just 24 hours’ notice of their findings, compared with the typical 90-day notice period that most security researchers provide. AMD says it’s studying the findings and is committed to protecting its customers.
Spectre redux: Earlier this year, serious security flaws dubbed Spectre and Meltdown were found in Intel and ARM processors, as well as a smaller number of AMD processors. Fixes for these have slowed computers down. AMD is now facing another big security headache, with no immediate cure available.
