Security researchers have discovered a longstanding vulnerability in AMD processors, found in the firmware of the chips, potentially allowing malware to deeply infect a computer’s memory. Dubbed the “Sinkclose” flaw, researchers from IOActive identified this issue dating back to 2006, affecting almost every AMD chip and enabling hackers to run their own code in System Management Mode. While the impact on regular users is minimal due to the need for deep access to an AMD-based system, large entities like governments could face severe consequences, as the malicious code could remain undetectable and unpatchable even after a complete OS reinstallation. AMD has addressed the issue by providing mitigation options for data center and Ryzen products, with plans for AMD embedded products. Described as akin to breaching bank vault security, the exploit could potentially grant hackers full access to tamper with infected machines. IOActive, withholding proof-of-concept code, emphasizes the urgency of patching the vulnerability, stating that if the foundation is broken, the security of the entire system is compromised.
