Secure enclaves like the one found in iPhones are intended to be impenetrable fortresses that handle tasks too sensitive for the main CPUs they work with. AMD's version of that co-processor contains a raft of critical flaws that attackers could exploit to run malware that's nearly impossible to detect and has direct access to a vulnerable computer's most sensitive secrets, a report published Tuesday warned. The chips also contain what the report called "backdoors" that hackers can exploit to gain administrative access.
The flaws—in AMD's EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile lines of processors—require attackers to first gain administrative rights on a targeted network or computer, which is a hurdle that's difficult but by no means impossible to clear. From there, attackers can exploit the vulnerabilities to achieve a variety of extraordinary feats that would be catastrophic for the owners' long-term security. Among other things, the feats include:

  • Running persistent malware inside the AMD Secure Processor that's impossible—or nearly impossible—to detect
  • Bypassing advanced protections such as AMD's Secure Encrypted Virtualization, Firmware Trusted Platform Module, and other security features, which are intended to secure systems and sensitive data in the event that malware infects a computer's operating system
  • Stealing credentials a vulnerable computer uses to access networks
  • Physically destroying hardware by attackers in hardware-based "ransomware" scenarios

More at: