The RCE that AMD won't fix
3 months ago
- #Security
- #RCE
- #AMD
- AMD's AutoUpdate software has a Remote Code Execution (RCE) vulnerability.
- The update URLs in the app.config use HTTP, making them susceptible to MITM attacks.
- The AutoUpdate software does not validate downloaded executables before execution.
- AMD considered the vulnerability 'out of scope' and chose not to fix it.
- Timeline of events from discovery to AMD's response.