this post was submitted on 10 Aug 2024
27 points (82.9% liked)

PC Gaming

8209 readers
496 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 1 year ago
MODERATORS
EXiLExJD@lemmy.ca
UncleBadTouch@lemmy.ca
KairuByte@lemmy.dbzer0.com
27
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections (www.wired.com)
submitted 1 month ago by alessandro@lemmy.ca to c/pcgaming@lemmy.ca
11 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] breadsmasher@lemmy.world 9 points 1 month ago (5 children)

Not quite a nothingburger

Nissim and Okupski note that exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server, but that the Sinkclose flaw would then allow them to plant their malicious code far deeper still. In fact, for any machine with one of the vulnerable AMD chips, the IOActive researchers warn that an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity.

[–] BlackLaZoR@kbin.run -2 points 1 month ago (3 children)

I know, but this requires a supply chain attack - not a likely thing to happen,

[–] breakingcups@lemmy.world 3 points 1 month ago (2 children)

This does not require a supply chain attack, just a user ignorantly clicking yes on a UAC prompt. After which the machine is forever compromised, even after replacing ssds / hdds.

[–] Sylvartas@lemmy.world 1 points 1 month ago (1 children)

Wouldn't it be fixed by wiping the drives and re flashing the bios ? (Or the opposite order)

[–] Breadhax0r@lemmy.world 2 points 1 month ago

From my understanding it allows malicious code to be installed in protected memory on the CPU itself, so you can't get rid of it once it's there without a lot of extra work

load more comments (1 replies)