{"id":37377,"date":"2018-03-21T08:22:07","date_gmt":"2018-03-21T07:22:07","guid":{"rendered":"http:\/\/www.planet3dnow.de\/cms\/?p=37377"},"modified":"2018-03-21T19:07:28","modified_gmt":"2018-03-21T18:07:28","slug":"amd-bestaetigt-luecken-ryzenfall-co-und-kuendigt-updates-an","status":"publish","type":"post","link":"https:\/\/www.planet3dnow.de\/cms\/37377-amd-bestaetigt-luecken-ryzenfall-co-und-kuendigt-updates-an\/","title":{"rendered":"AMD<\/span> best\u00e4tigt L\u00fccken Ryzenfall &<\/span> Co. und k\u00fcndigt Updates an"},"content":{"rendered":"

Heu\u00adte Nacht unse\u00adrer Zeit hat AMD<\/span> die k\u00fcrz\u00adlich publi\u00adzier\u00adten Sicher\u00adheits\u00adl\u00fc\u00adcken in aktu\u00adel\u00adlen AMD-Platt\u00adfor\u00admen best\u00e4\u00adtigt, die durch die Sicher\u00adheits\u00adfir\u00adma CTS-Labs ver\u00ad\u00f6f\u00adfent\u00adlicht wor\u00adden waren. Das White\u00adpa\u00adper hat\u00adte gro\u00ad\u00dfen Wir\u00adbel ver\u00adur\u00adsacht<\/a>, da CTS-Labs bei der Auf\u00adde\u00adckung nicht den \u00fcbli\u00adchen Weg beschrit\u00adten hat\u00adte, den Her\u00adstel\u00adler 45 oder 90 Tage vor\u00adab zu infor\u00admie\u00adren, kei\u00adnen Com\u00admon Vul\u00adnerabi\u00adli\u00adties and Expo\u00adsures (CVE<\/span>) Ein\u00adtrag vor\u00adge\u00adnom\u00admen hat\u00adte und sich mit Fake-B\u00fcro-Fotos per Green-Box zu pro\u00adfi\u00adlie\u00adren ver\u00adsuch\u00adte. Zudem war das White\u00adpa\u00adper unge\u00adw\u00f6hn\u00adlich scharf und h\u00e4misch ver\u00adfasst. Allein die Code\u00adna\u00admen der Bugs \u2013 Ryzen\u00adfall oder pho\u00adne\u00adtisch rise and fall<\/em> (engl. f\u00fcr Auf\u00adstieg-und-Absturz) \u2013 lie\u00ad\u00dfen vie\u00adle Beob\u00adach\u00adter an der Inten\u00adti\u00adon der Ver\u00adfas\u00adser zwei\u00adfeln. Bei den Chi\u00adme\u00adra-Bugs, wel\u00adche auf zuge\u00adkauf\u00adte Tech\u00adno\u00adlo\u00adgie von ASMe\u00addia zur\u00fcck\u00adzu\u00adf\u00fch\u00adren sind, wur\u00adde zudem nur AMD<\/span> als betrof\u00adfen erw\u00e4hnt, obwohl ASMe\u00addia-Con\u00adtrol\u00adler auch auf vie\u00adlen Intel-Pla\u00adti\u00adnen zu fin\u00adden sind; in der St\u00fcck\u00adzahl auf\u00adgrund des hohen Markt\u00adan\u00adteils ver\u00admut\u00adlich sogar auf weit mehr als auf AMD-Platt\u00adfor\u00admen. Dass zudem mit Vice\u00adroy Rese\u00adarch noch eine Fir\u00adma auf den Zug auf\u00adge\u00adsprun\u00adgen ist, gegen die in meh\u00adre\u00adren L\u00e4n\u00addern wegen mut\u00adma\u00df\u00adli\u00adcher Kurs\u00adma\u00adni\u00adpu\u00adla\u00adti\u00adon an der B\u00f6r\u00adse ermit\u00adtelt wird, lie\u00df die Akti\u00adon nicht seri\u00f6\u00adser erscheinen.<\/p>\n

Da AMD<\/span> erst weni\u00adger als einen Tag vor Ver\u00ad\u00f6f\u00adfent\u00adli\u00adchung infor\u00admiert wor\u00adden war, bat man um etwas Zeit, die Sache zu pr\u00fc\u00adfen. Inzwi\u00adschen hat AMD-CTO<\/span> Mark Paper\u00admas\u00adter in einem Blog-Ein\u00adtrag<\/a> die L\u00fccken best\u00e4\u00adtigt und n\u00e4her ausgef\u00fchrt:<\/p>\n

Secu\u00adri\u00adty and pro\u00adtec\u00adting users\u2019 data is of the utmost importance to us at AMD<\/span> and we have work\u00aded rapidly to assess this secu\u00adri\u00adty rese\u00adarch and deve\u00adlop miti\u00adga\u00adti\u00adon plans whe\u00adre nee\u00added. This is our first public update on this rese\u00adarch, and will cover both our tech\u00adni\u00adcal assess\u00adment of the issues as well as plan\u00adned miti\u00adga\u00adti\u00adon actions.<\/p>\n

The secu\u00adri\u00adty issues iden\u00adti\u00adfied by the third-par\u00adty rese\u00adar\u00adchers are not rela\u00adted to the AMD<\/span> \u201cZen\u201d CPU<\/span> archi\u00adtec\u00adtu\u00adre or the Goog\u00adle Pro\u00adject Zero exploits made public Jan. 3, 2018. Ins\u00adtead, the\u00adse issues are asso\u00adcia\u00adted with the firm\u00adware mana\u00adging the embedded secu\u00adri\u00adty con\u00adtrol pro\u00adces\u00adsor in some of our pro\u00adducts (AMD<\/span> Secu\u00adre Pro\u00adces\u00adsor) and the chip\u00adset used in some socket AM4<\/span> and socket TR4<\/span> desk\u00adtop plat\u00adforms sup\u00adport\u00ading AMD<\/span> processors.<\/p><\/blockquote>\n

Aller\u00addings beton\u00adte Paper\u00admas\u00adter, dass zur Aus\u00adnut\u00adzung der L\u00fccken ein poten\u00adzi\u00adel\u00adler Angrei\u00adfer vol\u00adle Zugriffs\u00adrech\u00adte auf das Sys\u00adtem haben muss. Mit die\u00adsen Rech\u00adten aus\u00adge\u00adstat\u00adtet sind Ryzen\u00adfall &<\/span> Co. jedoch im Grun\u00adde schon wie\u00adder irrele\u00advant, denn wenn der Angrei\u00adfer es so weit gebracht hat, die L\u00fccken aus\u00adnut\u00adzen zu k\u00f6n\u00adnen, hat er ja bereits vol\u00adle Sys\u00adtem\u00adrech\u00adte und ben\u00f6\u00adtigt die L\u00fccken zur Aus\u00adnut\u00adzung gar nicht mehr. Den\u00adnoch ver\u00adsprach AMD<\/span>, die L\u00fccken per Firm\u00adware-Updates zu schlie\u00ad\u00dfen. Dies soll in den n\u00e4chs\u00adten Wochen pas\u00adsie\u00adren und ohne Leis\u00adtungs\u00adver\u00adlust einhergehen.<\/p>\n

<\/p>

<\/a><\/center>\n","protected":false},"excerpt":{"rendered":"

Das White\u00adpa\u00adper hat\u00adte gro\u00ad\u00dfen Wir\u00adbel ver\u00adur\u00adsacht, da CTS-Labs bei der Auf\u00adde\u00adckung nicht den \u00fcbli\u00adchen Weg beschrit\u00adten hat\u00adte, den Her\u00adstel\u00adler 45 oder 90 Tage vor\u00adab zu infor\u00admie\u00adren, kei\u00adnen Com\u00admon Vul\u00adnerabi\u00adli\u00adties and Expo\u00adsures (CVE<\/span>) Ein\u00adtrag vor\u00adge\u00adnom\u00admen hat\u00adte und sich mit Fake-B\u00fcro-Fotos per Green-Box zu pro\u00adfi\u00adlie\u00adren ver\u00adsuch\u00adte. (\u2026) Wei\u00adter\u00adle\u00adsen \u00bb<\/a><\/p>\n","protected":false},"author":2,"featured_media":80,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0,"footnotes":""},"categories":[12],"tags":[833,966,793,1121,1463,1464,1461],"class_list":["post-37377","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aktuelles","tag-am4","tag-amd","tag-asmedia","tag-bug","tag-chimera","tag-cts","tag-ryzenfall","entry"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/37377","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/comments?post=37377"}],"version-history":[{"count":15,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/37377\/revisions"}],"predecessor-version":[{"id":37416,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/37377\/revisions\/37416"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media\/80"}],"wp:attachment":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media?parent=37377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/categories?post=37377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/tags?post=37377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}