If what they're saying is accurate, it would mean that millions of AMD-powered PCs on the market today are vulnerable to having malicious code run on the secure boot section of the processor. Researchers typically give firms several months to prepare a fix before announcing the vulnerability publicly. According to the report, AMD Ryzen Workstation, Ryzen Pro, Ryzen Mobile, and EPYC Server chipsets are vulnerable.
"Secure Processor to be completely taken over by malware running on the main processor". A team of Israeli researchers has published a paper outlining critical security flaws in AMD chips, much like the vulnerabilities in Intel and Apple's silicon.
It is unclear how hard it would be for a malicious actor to obtain such a digitally signed driver. "We are investigating this report, which we just received, to understand the methodology and merit of the findings", an AMD spokesman said.
AMD will update the blog here with any further information. However, they also admitted they don't know if these AMD flaws are being exploited in the wild and "firmware vulnerabilities such as Masterkey, Ryzenfall and Fallout take several months to fix, [and] hardware vulnerabilities such as Chimera can not be fixed and require a workaround".
Although CTS Labs did not include details regarding the AMD flaws, Jake Williams, founder and CEO of Rendition Infosec LLC based in Augusta, Ga., said on Twitter that the report appears legitimate.
Domain info for CTS Labs said the URL was just registered in June 2017 and Kevin Beaumont, a security researcher based in the United Kingdom, said there should be verification of CTS Labs before accepting the report as valid.