AMD AutoUpdate Vulnerability Leaked
A remote code execution (RCE) vulnerability was discovered in AMD's AutoUpdate software, allowing malicious actors to inject malicious executables. The vulnerability was reported to AMD but deemed out of scope for their bug bounty program. AMD has yet to comment on the issue or provide a fix.
Key points
- A remote code execution (RCE) vulnerability was found in AMD's AutoUpdate software, allowing attackers to inject malicious executables.
- The vulnerability was discovered by a user who decompiled the software and found that it does not validate downloaded executable files.
- The user reported the issue to AMD, but it was closed due to the bug bounty program's terms of service excluding man-in-the-middle attacks.
- AMD has not commented on the issue or provided a fix, leaving users vulnerable to potential attacks.
- Experts warn that the vulnerability could be exploited by malicious actors on a user's network or by nation-states with access to the user's ISP.
AMD AutoUpdate Vulnerability Leaked
A remote code execution (RCE) vulnerability was discovered in AMD's AutoUpdate software, allowing malicious actors to inject malicious executables. The vulnerability was reported to AMD but deemed out of scope for their bug bounty program.
The user who discovered the vulnerability decompiled the software and found that it does not validate downloaded executable files. This means that an attacker on the same network or a nation-state with access to the user's ISP could intercept the download and replace it with a malicious executable.
The user reported the issue to AMD, but it was closed due to the bug bounty program's terms of service excluding man-in-the-middle attacks. AMD has not commented on the issue or provided a fix, leaving users vulnerable to potential attacks.
Experts warn that the vulnerability could be exploited by malicious actors on a user's network or by nation-states with access to the user's ISP. This highlights the need for companies to prioritize security and validate user input to prevent such vulnerabilities from occurring in the future.
What's Next?
AMD has yet to comment on the issue or provide a fix. Users are advised to exercise caution when using the AutoUpdate software and to consider alternative update methods until the issue is resolved. The vulnerability serves as a reminder of the importance of robust security measures in software development and the need for companies to prioritize user safety.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.