AMD chips vulnerable to both variants of Spectre security flaw, firmware updates coming this week


AMD

Though AMD’s initial response to Spectre security flaw was positive as the company said the impact is ‘near zero’, today it confirmed that the processors are vulnerable to both variants of the Spectre security flaw. The company further added that it is rolling out firmware updates available for Ryzen and EPYC owners this week.

AMD will be rolling out the patches to suppliers who will be pushing them to the users. The company didn’t mention anything about the performance impact. AMD says that Google Project Zero Variant 1 (Bounds Check Bypass or Spectre could be contained with an operating system patch. It is been working with Microsoft to roll out the patches for the majority of AMD systems and is also closely following up to correct the issue that paused the distribution of patches for some older AMD processors.

Linux vendors are also rolling out patches across AMD products. The variant two; Branch Target Injection or Spectre is also applicable to AMD processors. While it is hard for the variant two to exploit AMD processors, the company said that it is working to further mitigate the threat. It also mentioned that patches and firmware updates to older processors will be rolled out over the coming few weeks and confirmed that the chips aren’t vulnerable to Meltdown.

Apple released iOS 11.2.2, macOS 10.13.2 supplemental update with security fixes for Spectre vulnerability earlier this week. Given the wide range of handset makers and operating system versions, the situation with Android is even more complex.

Source