After successfully tackling the Meltdown and Spectre security attacks, a group of Israeli security researchers have discovered a major security flaw in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices.
CTS-Labs, a security company based in Israel, announced that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. Meanwhile, the details of the vulnerabilities were not specified, leading to many speculations.
The researchers gave AMD less than 24 hours to examine the vulnerabilities and respond before publishing their report. In almost every responsible vulnerability disclosure, companies are given at least 90 days to fix a flaw -- which can be extended, if certain conditions are met. As per the report published, any consumer or organization purchasing AMD Servers, Workstations, or Laptops are affected by these vulnerabilities. These are serious security flaws, but the manner in which they are publicized around the web have aroused suspicion.
In response to the security flaw, AMD said, "We are investigating this report, which we just received, to understand the methodology and merit of the findings.”