ButSpeak.com
News which Matters.
A severe vulnerability in AMD processor firmware, identified by IOActive researchers, may give attackers deep control over computers, potentially leading to irreversible damage. The flaw affects nearly all AMD chips since 2006.
Key Points
- Researchers from IOActive have discovered a significant vulnerability in AMD processor firmware, known as “Sinkclose,” which affects nearly all AMD chips released since 2006.
- The flaw allows attackers to gain deep control over affected computers, potentially leading to “unfixable” infections.
- The vulnerability could compromise hardware-level security, making it a critical concern for users of AMD processors.
- The discovery will be presented by IOActive researchers Enrique Nissim and Krzysztof Okupski at the Defcon hacker conference on August 10, 2024.
- The flaw’s impact is severe enough that a compromised system might require replacement, as traditional fixes may not be sufficient.
Security researchers from the firm IOActive have unveiled a major vulnerability in AMD processor firmware, which could grant attackers extensive control over affected computers. The flaw, identified as “Sinkclose,” has been found in nearly every AMD chip manufactured since 2006. This vulnerability exposes a critical weakness in the firmware—software that is essential for the hardware’s operation—making it a prime target for hackers seeking deep system access.
According to Wired, the Sinkclose flaw poses a significant threat under the right conditions. If exploited, it could lead to infections that are described as “unfixable” by the researchers. In practical terms, this means that once a system is compromised through this vulnerability, users might face the harsh reality of having to discard their computers entirely, as standard remediation efforts may prove ineffective.
The researchers behind this discovery, Enrique Nissim and Krzysztof Okupski of IOActive, are scheduled to present their findings at the Defcon hacker conference in Las Vegas on August 10, 2024. Their presentation will shed light on the nature of the vulnerability and its implications for users of AMD processors.
The Sinkclose flaw highlights the importance of robust firmware security and the potential risks associated with hardware-level vulnerabilities. As the tech community awaits further details from the Defcon conference, users of affected AMD chips are advised to stay informed about potential updates or fixes that may be issued in response to this critical security issue.
What is Sinkclose Flaw?
The firmware vulnerability identified by Nissim and Okupski would allow hackers to run their own code in AMD’s System Management Mode, which is intended to run the processor’s firmware. This “Sinkclose” vulnerability would allow an attacker to infect the computer with a “bootkit” type of malware that targets the Master Boot Record. Bootkit malware can evade antivirus software and is potentially invisible to the operating system.
