AMD found itself in the bullseye this week as an Israel-based security firm today published a report of multiple critical vulnerabilities in the microprocessor vendor's latest EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile product families.
CTS Labs said it found exploitable manufacturer hardware-backdoors in the microprocessors that could allow an attacker to wrest away control of a victim's machine. The vulns, which it dubbed Chimera, Ryszenfall, Fallout, and Masterkey, can bypass security protections, including Microsoft's Windows 10 Virtualization Based-Security (VBS).
Details on how to exploit the flaws were redacted from the whitepaper, which CTS provided to AMD, some security firms, and US government regulators, CTS said. No other details were available as of this posting.
AMD apparently had little time to respond to the disclosure. "We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops," the company wrote in an online post.
See the CTS report here.