The vulnerabilities also impact EPYC processors, with four high-severity variants enabling arbitrary code execution and data integrity issues. These vulnerabilities, affecting Ryzen desktop, HEDT, Pro, and Mobile processors, can be exploited via BIOS manipulation or attacks on the AMD Secure Processor bootloader.ĪMD has detailed AGESA revisions for OEMs to patch the vulnerabilities, with BIOS patches’ availability varying by the vendor. The company collaborated with researchers from Google, Apple, Oracle, and others in a coordinated disclosure to develop mitigations before public disclosure. ![]() Not just that, AMD discreetly disclosed 31 new CPU vulnerabilities through a January update, affecting both its consumer-oriented Ryzen chips and EPYC data centre processors. While the vulnerability itself is common, the challenge lies in effectively deploying fixes, as prolonged exposure to such vulnerabilities can lead to more potent hacking strategies in the future. Addressing this requires changes in cybersecurity approaches. Similar to Intel’s Meltdown and Spectre vulnerabilities, the exploit leverages CPU’s internal mechanisms to extract sensitive data, functioning Zenbleed’s impact could be substantial due to slow enterprise security update adoption. AMD has released an update for EPYC 7002 series chips, but a comprehensive firmware fix is pending. This poses a significant security risk, particularly for enterprises that use these chips. Unlike previous exploits, Zenbleed allows remote exploitation without physical hardware access. Recently, security researchers also discovered a new bug or vulnerability-’ Zenbleed’ in AMD CPUs using the Zen 2 architecture. It seems like AMD is in a whirlwind of issues, and it doesn’t just end there. This could potentially allow salvage-titled vehicles, which are not eligible for certain Tesla services due to damage, to access services like the Supercharging network. Furthermore, the exploit could extract a hardware-bound RSA key used for authenticating and authorizing a car within Tesla’s internal service network. One of the notable consequences of this exploit is that it’s considered “unpatchable,” meaning Tesla currently lacks a known solution to mitigate it. This access could potentially allow an attacker to unlock features that are typically locked behind paywalls, such as vehicle upgrades that Tesla offers for a fee. ![]() This attack granted them root permissions, enabling them to make persistent changes to the vehicle’s Linux system and decrypt data stored in the Trusted Platform Module (TPM). ![]() The researchers employed voltage fault injection (or voltage glitching) and attacked the AMD Ryzen SoC used in MCU-Z‘s Platform Security Processor. The attack targeted the third-generation MCU (MCU-Z), which is based on a custom AMD Ryzen SoC. The researchers exploited a known flaw in the AMD processor that controls Tesla’s MCU. A group of security researchers from Technical University (TU) Berlin have identified a vulnerability in the AMD-based Media Control Unit in modern Tesla vehicles, allowing them to unlock paid features and gain access to other subsystems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |