由买买提看人间百态

boards

本页内容为未名空间相应帖子的节选和存档,一周内的贴子最多显示50字,超过一周显示500字 访问原贴
Hardware版 - AMD Ryzen 漏洞被发现了
相关主题
AMD透露Epyc服务器芯片更多细节 多方面挑战英特尔至强平台这个Ryzen的设计者是谁啊,不是烙印吧
ThreadRipper 16C/32T趁着ryzen的东风,各位要是有intel 3年内的台式机出
AMD又调皮了:如此肆无忌惮羞辱IntelAMD Ryzen彻底立功!Intel宣布回归CPU性能提升
大家对AMD的新Ryzen CPU怎么看?按摩店的游戏性能
最近手痒想装机Ryzen所有型号都不整合GPU么?
AMD Ryzen的评测结果有点好啊, 牙膏厂有危险Apple会用Ryzen吗
希望这次AMD能重振武林Ryzen装机汇报
请帮忙推荐一部laptop!!!!!!!!!!!!!!!!!等等吧。明年Zen出第二代,性能提升15%
相关话题的讨论汇总
话题: amd话题: ryzen话题: chimera话题: ryzenfall话题: labs
进入Hardware版参与讨论
1 (共1页)
k**0
发帖数: 19737
1
AMD's Ryzen Chips Vulnerable to New Attacks
Researchers have found 13 critical security vulnerabilities in AMD's Ryzen
and EPYC processors that can infect the PCs with malware, give attackers
access to important data, read and write files and take over chipsets
entirely. CNET first reported on the issues.
The vulnerabilities were discovered by Israeli security firm CTS-Labs, which
gave AMD less than 24 hours' notice before CTS-Labs disclosed the issues. (
Standard security-research practice is to provide the vendor with 90 days'
notice.) However, CTS-Labs is cagey about the technical details, which may
make the attacks exploiting the flaws difficult to reproduce.
The flaws and their related attacks fall into four camps, which CTS-Labs
named Masterkey, Ryzenfall, Chimera and Fallout.
"At AMD, security is a top priority and we are continually working to ensure
the safety of our users as new risks arise," an AMD spokesperson told
Laptop Mag. "We are investigating this report, which we just received, to
understand the methodology and merit of the findings."
Masterkey can affect the widest swath of machines, including laptops (
running Ryzen Mobile), powerful creative machines (with Ryzen Pro) and
workstations and servers (running Ryzen Workstation and EPYC Server chips,
respectively). The attack involves reflashing the BIOS, which can be done
via malware infection. Successful exploitation of the flaw would let
attackers disable security features and even launch unwanted programs upon
startup.
Ryzenfall, Chimera and Fallout are less of a direct threat, because they
each require that an attacker must "be able to run a program with local-
machine elevated administrator privileges" and supply "a driver that is
digitally signed by the vendor," according to the researchers' white paper.
(Simpler explanations are at the new website dedicated to promoting the
flaws, AMDFlaws.com.)
If bad actors, even those without direct physical access, had that kind of
power on a machine, they could do whatever they wanted anyway. Supplying a
spoofed digital signature isn't within the skill set of most ordinary
cybercriminals.
Ryzenfall makes it possible for attackers to target any Ryzen-based machine
and use malicious code to take over the processor completely, which would
allow access to all sorts of protected data, including passwords. The
researchers suggest that there are parts of the CPU that Ryzenfall can
access that previous attacks couldn't get to.
Chimera, which affects Ryzen Workstation and Ryzen Pro machines, has two
variants: hardware and firmware. On the hardware site, the chipset allows
for malware to be run, so it can be infected through Wi-Fi, Bluetooth or
other wireless traffic. On the firmware side, there's the issues that
malware can be put directly on the CPU. But you have to weaken the processor
with the Chimera attack first.
Fallout is likely to affect only enterprises, as it is limited to EPYC
server chips. It lets attackers both read and write from protected memory
areas, including Windows Defender Credential Guard, which stores data in a
separated part of the operating system. We have reached out to Microsoft
about this and will update if it gets back to us.
Researchers told CNET that these flaws might take several months to fix,
although AMD has yet to provide a timeline. At the moment, the best option
is to always keep your operating system updated, and, when possible, install
the latest patches from your machine's vendor or from AMD. These are the
same tips to follow if your machine is affected by Spectre or Meltdown,
which affected Intel, AMD and ARM Processors.
https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-
its-own/
1 (共1页)
进入Hardware版参与讨论
相关主题
等等吧。明年Zen出第二代,性能提升15%最近手痒想装机
AMD new 16 core HEDT RumorAMD Ryzen的评测结果有点好啊, 牙膏厂有危险
16核心32线程!AMD Ryzen发烧版曝光:Intel彻底慌了希望这次AMD能重振武林
Ryzen 5 1600 + MB + RAM. Is this a deal?请帮忙推荐一部laptop!!!!!!!!!!!!!!!!!
AMD透露Epyc服务器芯片更多细节 多方面挑战英特尔至强平台这个Ryzen的设计者是谁啊,不是烙印吧
ThreadRipper 16C/32T趁着ryzen的东风,各位要是有intel 3年内的台式机出
AMD又调皮了:如此肆无忌惮羞辱IntelAMD Ryzen彻底立功!Intel宣布回归CPU性能提升
大家对AMD的新Ryzen CPU怎么看?按摩店的游戏性能
相关话题的讨论汇总
话题: amd话题: ryzen话题: chimera话题: ryzenfall话题: labs