silversurfer

Level 60
Verified
Trusted
Content Creator
Malware Hunter
AMD said it plans to release firmware updates to fix a trifecta of bugs that impact some of its notebook and embedded systems CPUs.

The three bugs, which AMD refers to as "SMM Callout," allow attackers to take control over the UEFI firmware of AMD CPUS, and inherently of the entire computer.

AMD said the bugs impact a small fraction of Accelerated Processing Unit (APU) CPUs released between 2016 and 2019. AMD APU processors, formerly known as AMD Fusion, are small-sized 64-bit microprocessors that include both a central processing unit (CPU) and graphics processing unit (GPU) on the same silicon die.

News of the three bugs came to light last weekend, on Saturday, June 13, when a security researcher named Danny Odler published a Medium blog post detailing one of the three SMM Callout bugs (the one that was already patched). [....]

Two other bugs remain unpatched, but in a security advisory published this week, AMD said it plans to have AGESA patches ready by the end of the month.
 

Raiden

Level 17
Verified
Content Creator
The three bugs, which AMD refers to as "SMM Callout," allow attackers to take control over the UEFI firmware of AMD CPUS, and inherently of the entire computer.

This is really, really, really bad. Wow a complete takeover of the machine. Far worse than Intel security issues.
Yes and no.

On the severity side yes, but on the overall amount of users impacted no.Intel still wins that one because it affected ALL of their CPUs regardless. In all fairness the Intel security issues are still very bad and to be frank there are way more of them. AMD for the most part has had far less security issues by comparison. All this highlights is that security vulnerabilities can happen to anyone, AMD is no exception. At least they are willing/able to fix it.

Xbox, Playstation, laptops all APU. Millions upon millions upon millions of devices out there. This is really, really, really bad.
Well AMD really hasn't had a strong presence in the laptop market for a very long time. It's only recently with their new Ryzen CPUs where they are starting to make in roads. Even then Intel still dominates the laptop market right now, so there is a much higher chance of a person having a laptop running an Intel CPU than AMD APU. When it comes to scale, Intel's issues are far more reaching than this one. Xbox and Playstation yes, but I don't think they really have too much to worry about, since the article says they either need physical access to the system, or malware with admin privileges which really isn't too much of an issue for consoles. It's not like they are downloading random stuff from websites like laptops and desktops. They are pretty much tied to the ecosystem of those platforms.
 
Last edited:
Top