A major security flaw has been found in AMD processors. This could have serious consequences for millions of people who use computers with this processor inside, including popular models from Dell and HP that use the company’s chipsets.
AMD’s processors are built to make your personal computer, smartphone or tablet faster and more responsive. But the company has now revealed that millions of its computers are affected by a security flaw. The problem lies in AMD’s Platform Security Processor (PSP), which is used to secure sensitive data across the PC platform – including PCs, tablets, smartphones and even cloud servers.
What is PSP?
PSP is a hardware component that was added to the 2011 AMD CPUs. The PSP has been included because of its ability to detect any activities that could be perceived as threats including malware, unauthorized execution, and virtualization. It has been found that the PSP can trigger a system reset if it suspects any threats or anomalies in the system.
How it Happened?
The bug was found by researchers at Google Project Zero, who published their findings on Tuesday morning after notifying AMD about it last November. The flaw can be exploited through JavaScript code running in a web browser – meaning that hackers would only need access to your unprotected PC for just an instant before they could steal passwords from browsers like Chrome or Edge without you ever knowing.
What has been done by AMD so far?
AMD has advised that it is working to correct the issue with a future software patch. In response, AMD will be providing an optional firmware update for its PC platform based on current silicon generation, but will not offer patches for older products going back as far as 2011 – which could leave millions of their customers vulnerable.
While there are patches available to mitigate this issue, they will not work for all systems. This leaves many people at risk until a permanent solution is found or older machines are replaced with newer ones.
If you own one of these devices, we recommend that you contact your manufacturer immediately to find out if a patch is available and install it as soon as possible. You can also consider replacing your computer altogether if an update is not available on time or if it fails to fix the problem completely once installed.
Remarks
As a precautionary measure and given the severity of this flaw, we recommend updating your system’s BIOS or UEFI to protect against potential exploitation from malicious JavaScript attacks. It’s also important to keep in mind that even if you have updated your BIOS/UEFIs protection, you may still want to consider installing security software such as anti-virus programs or enable browser extensions like NoScript so hackers can’t take advantage of the bug to steal your sensitive data.
M Hamza Malik is a writer, blogger, and engineer who loves to create, write, and share his insights about computers, products, and technology. Hamza has spent the last years reading books, tech, and computers, which brings him to writing, giving his character a spark! Therefore, PCFIED is where he started his journey professionally.
