A newly discovered vulnerability in AMD processors could affect millions of the manufacturer’s components. Dubbed Sinkclose, the flaw could give malicious actors persistent access, making it extremely difficult to recover a compromised system.
The issue was discovered by security firm IOActive and demonstrated in detail at Defcon last week. According to researchers, the Sinkclose vulnerability allows an attacker to place their malware on a processor in System Management mode, which is a sensitive mode with crucial firmware files.
This is a difficult vulnerability to exploit, as it requires “deep” access to the AMD PC or server. However, once implemented, the malicious code is difficult to remove. Even a complete format of the system drives would not solve the problem, explains Krzystof Okupski, one of the researchers at IOActive.
“Imagine state-sanctioned hackers, or anyone else who wants to persist in your system. Even if you wipe your entire drive, it’s still there,” Okupski told Wired. “It’s going to be nearly undetectable and nearly impossible to patch.”
To patch a compromised system, a person would have to physically open the computer and use a hardware-level programming tool called SPI Flash. It’s almost like a “manual analysis” of the processor data behind the malware to remove it.
AMD announces measures to mitigate the problem
The Sinkclose vulnerability is “new” in the sense that it was just discovered. However, the issue affects so many different CPUs because it has been around for a long time. So CPUs as far back as the Ryzen 3000 and the first generation Epyc are affected.
More safety:
However, the news is not as serious as it may seem. In addition to the difficulty in exploiting this flaw, as mentioned previously, AMD is already working on mitigating the problem. According to the manufacturer, almost all of its processors have already received patches, with only Zen 2 processors currently out of the loop, as they are older models.
According to WCCFTech, AMD thanked IOActive researchers for discovering and disclosing the vulnerability.
Join the Adrenaline Offers Group
Check out the best deals on hardware, components and other electronics that we found online. Video cards, motherboards, RAM and everything you need to build your PC. By joining our group, you receive daily promotions and have early access to discount coupons.
Join the group and enjoy the promotions
Source: https://www.adrenaline.com.br/noticias/milhoes-de-cpus-amd-sao-afetadas-por-nova-vulnerabilidade-sinkclose/
