Did you think the Intel flaw that can permanently damage the chip giant's 13th and 14th Generation Core processors was bad? Its long standing rival, Advanced Micro Devices - AMD - didn't say "hold my beer" but they might as well because the company's chips have been shipping with the super bad Sinkclose bug for decades.
That bug was found by two researchers at security vendor IOActive, and affects "virtually all AMD chips dating back to 2006, or possibly even earlier," as Andy Greenberg at Wired, which was given first dibs on the story that broke at the legendary DEF CON hacking conference, wrote.
Going back that far in time means we're talking about hundreds of millions of processors, the little semiconductor brains of PCs.
How the Sinkclose bug works is pretty Deep Geek, but AMD chips have a System Management Mode (SMM) which has the highest privileges on a computer.
What can you do with SinkClose then, if you're a malicious hacker-attacker?
Long story short, get into the SMM, and you can run malicious code that anti-viruses can't detect. That undetectable code has full access to all bits of the computer, which in an infosec context is as bad it gets.
Then it gets worse, because at that high level in the computer, in what's called the firmware which is used to start up the computer with certain settings, the code persists and is very hard to remove.
Wiping your computer and reinstalling the operating system won't clear the infection.
Should a computer become infected, the researchers suggest that the only practical thing to do is to throw it away.
AMD has acknowledged the bug, saying it's a high severity one, and released a security bulletin with affected products and mitigation measures.
Luckily, it appears the researchers are the first to have discovered SinkClose.
What's more, it's not that easy to exploit either as it requires deep access to the computer system. This is no doubt why AMD has marked the bug as "high severity" and not "critical".
However, if some admittedly obsessive, hugely patient and clever researchers can find SinkClose and exploit it, there's some chance at least that threat actors will too. Particularly since it was presented at DEF CON to the hacker community.
Keep en eye out for updates in Windows with patches for SinkClose, in other words if your PC has an AMD chip inside.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.