AMD HAS ACKNOWLEDGED that its Ryzen and Epyc processors do indeed suffer from reported Spectre-like vulnerabilities and it will roll out firmware patches to plug them.
Last week, Israeli security firm CTS-Labs reported it had found a slew of security flaws at the heart of AMD's processors, notably with the Secure Processor its latest CPUs sport.
However, CTS-Labs admitted to having a vested interest in the performance of AMD's shares, likely a short position, and admitted that its findings should be taken with that in mind.
While the company's security research was verified by a third-party, others including Linux legend Linus Torvalds cast shade on the bug reporting.
Criticism was thrown at the way the flaws were discussed, the way that the company came out of nowhere to disclose them and the "overly aggressive" language that CTS Labs used in its the threat report.
Yet, AMD was uncharacteristically silent on the subject, despite our probing. Instead, it was vigorously looking into the reported threats, which turns out do exist.
"Security and protecting users' data is of the utmost importance to us at AMD and we have worked rapidly to assess this security research and develop mitigation plans where needed," said AMD's chief technology officer CTO Mark Papermaster.
"These issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.
"AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations."
Like many of you dear readers, Papermaster pointed out that the flaws can only be exploited with administrative access to a machine with affected AMD processors. At that stage, CPU flaws aren't really the biggest security problem, as with administrative access, a malicious actor can wreak havoc with a system.
"Any attacker gaining unauthorised administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research," explained Papermaster.
"Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorised administrative access that would need to be overcome in order to affect these security issues."
While there was a lot of controversy around CTS-Labs research, AMD deserves some praise in taking a calm and measured approach to addressing them, rather than flying off the handle and immediately dismissing the reported threats.
These security flaws in AMD's CPUs appear to be a lot less of an issue that the Meltdown and Spectre flaws that made their debut at the start of the year. So if you have an AMD CPU there's probably not much to worry about, just make sure you're in line for a firmware update. µ
It's now safe to eat croissants over your laptop again
'Supply constraints' mean it won't be available to purchase seperately
Happy BA-has-screwed-something-up-Thursday everyone!
Top-end Core i9-9900K will allegedly be firm's first mainstream octa-core CPU