In a joint effort to address significant security concerns, both AMD and Intel have released crucial patches to remedy vulnerabilities affecting their respective hardware offerings. The security flaws, if left unaddressed, could potentially allow threat actors to execute malicious code, leading to severe consequences such as denial of service attacks, privilege escalation, and complete endpoint takeover.
AMD’s Security Fixes:
AMD has identified and addressed four vulnerabilities impacting various versions of its Zen-based CPUs. These vulnerabilities, collectively tracked as CVE-2023-20576, CVE-2023-20577, CVE-2023-20579, and CVE-2023-20587, compromise the security of the SPI interface connecting to the BIOS flash chip.
Rated as “high severity,” these flaws could be exploited by threat actors with local access to the system. The affected CPUs range from original Zen chips to the latest Zen 4 processors. While patches have been released through a new version of AGESA, the base code for motherboard BIOS, the deployment of these updates may take time as users need to update their BIOS accordingly.
AMD credits Enrique Nissim, Krzysztof Okupski, and Joseph Tartaro of IOActive for discovering and reporting these vulnerabilities. The company urges users to apply patches promptly, emphasizing the importance of following security best practices.
Intel’s Comprehensive Security Measures:
Simultaneously, Intel has addressed almost three dozen vulnerabilities across various software and firmware components. Among them, 32 bugs impact different chipset drivers, Wi-Fi, and other software components, while the remaining two affect both software and firmware for Thunderbolt.
Of particular concern is a software issue in Thunderbolt drivers, encompassing 20 different exploits that could allow threat actors to escalate privileges, perform denial of service attacks, and steal data. While the majority of these exploits require local access to the device, addressing the flaws necessitates updating each listed software and firmware individually, posing a significant challenge for users.
Intel’s proactive approach to patching these vulnerabilities emphasizes the critical importance of prompt updates to ensure system security. Users are strongly advised to adhere to the provided patches and recommendations to mitigate potential risks associated with these security flaws.