Researchers from security services firm IOActive have discovered a significant vulnerability affecting AMD processors.
This security flaw, which the researchers refer to as “Sinkclose,” can enable malware to infiltrate into a computer’s memory and lets attackers execute their own code in System Management Mode, a highly privileged execution mode meant for running sensitive tasks. The extent of the infection is so severe that a complete replacement of the affected machine may be the only option. The researchers claim that the flaw has persisted for decades and affects every AMD chip manufactured since 2006.
To exploit the Sinkclose vulnerability, an attacker would need to gain access to the computer’s operating system kernel, which can be achieved by exploiting existing vulnerabilities in OSs like Windows and Linux. Once the attacker is in, they can then deploy a bootkit. It’s a type of rootkit malware that typical antivirus protection won’t be able to detect and can persist even when the operating system is reinstalled.
AMD has acknowledged this vulnerability and published a new security bulletin page for Sinkclose, which the company marked with a “high” severity rating due to its potential impact for arbitrary code execution. The company has listed all affected products as well, along with mitigation options for certain products.
The IOActive security researchers, Enrique Nissim and Krzysztof Okupski, presented their findings at this year’s Defcon hacker conference in Las Vegas, Nevada. They agreed not to provide any proof-of-concept code to demonstrate the Sinkclose exploit so there’s time to create and deploy security patches for affected AMD processors.
Via: Wired