A remote code execution vulnerability in AMD systems remains unpatched after the company declined to address it, raising questions about the chipmaker's vulnerability disclosure practices.
A researcher has publicly disclosed a remote code execution (RCE) vulnerability affecting AMD systems that the company refused to fix, according to details shared on security-focused forums.
The vulnerability, detailed in a technical writeup, demonstrates how an attacker could execute arbitrary code on affected AMD hardware. The researcher initially reported the flaw through AMD's security disclosure process, but the company declined to patch it.
AMD's refusal to remediate the vulnerability contrasts with standard industry practice, where chipmakers typically address critical security flaws affecting their processors. The company did not provide a public explanation for declining the fix.
The disclosure has gained attention in security circles, with 147 points and 42 comments on Hacker News, indicating substantial community interest. The full technical details are available in the researcher's writeup, which includes proof-of-concept information.
This incident highlights ongoing tensions between security researchers and hardware manufacturers regarding vulnerability disclosure timelines and remediation obligations. While software companies often face pressure to patch vulnerabilities quickly, hardware flaws present different challenges due to longer update cycles and firmware dependencies.
The disclosure raises broader questions about AMD's vulnerability management strategy and whether the company considers this particular RCE a low priority or beyond the scope of its support obligations.
Security researchers and system administrators using affected AMD hardware should review the technical details to determine their exposure and implement mitigations if available.