14 DAY TRIAL // AMD has published a press announcement on Thursday to inform its customers that it released patches for two variants of the Spectre security vulnerability disclosed to the public earlier this month.
Last week, several security researchers from Google Project Zero, Graz University of Technology, Cyberus Technology, and others, have publicly disclosed what it would appear to be the worse chip flaws in the history of computing. Dubbed Meltdown and Spectre, these critical security vulnerabilities affect billions of devices by allowing unprivileged attackers to steal sensitive data from memory.
All devices running modern processors released in the past two decades are affected by these two hardware bugs that shouldn't be there in the first place. They put numerous devices powered by processors from Intel, AMD, and ARM at risk of attacks, and OS vendors and OEMs need to patch them as fast as they can. Intel already released the first set of patches, and now it's AMD's turn.
Patches are available for Linux and Windows OSes
According to Mark Papermaster, the Senior Vice President and Chief Technology Officer at AMD, the company is working closely with both the Linux community and Microsoft to distribute their patches in a timely manner not to cause any boot failures or other issues on users' computers. The patches releases by AMD today are for two variants of the Spectre vulnerability, as the processors appear to be immune to the Meltdown exploit.
"At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise," says Mark Papermaster. "Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations."
AMD said that the Bounds Check Bypass variant of the Spectre exploit applies to AMD processors and can be contained with an operating system patch that's currently rolling out to both Linux and Windows systems, while the Branch Target Injection variant it difficult to exploit on its processors. Linux systems are also receiving patches for the second variant of Spectre.
The company urges users to update their AMD systems as soon as possible. Meanwhile, they continue working closely with the industry to mitigate these severe bugs and promised to release additional microcode updates to its customers and partners for AMD Ryzen and EPYC processors this week, as well as updates for previous AMD generation CPUs during the next few weeks. AMD said that these updates will be provided by OEMs and OS vendors.