A critical Remote Code Execution (RCE) vulnerability was discovered in AMD's AutoUpdate software, potentially exposing users to network-based attacks, according to multiple reports. The vulnerability, which AMD reportedly dismissed, stems from the software's use of HTTP for executable downloads, leaving users vulnerable to man-in-the-middle attacks.
The discovery, detailed by a security researcher on Hacker News, revealed that the AutoUpdate software downloads executable files over HTTP, despite using HTTPS for the update URL itself. This allows a malicious actor on the same network to potentially intercept and replace the downloaded files with malicious code. The researcher, after being annoyed by the software, decompiled it and found the vulnerability.
"The real problem starts when you open up this URL in your web browser, and realise that all of the executable download URLs are using HTTP," the researcher wrote on Hacker News.
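The failure described above, an update list fetched over HTTPS whose entries point at plaintext HTTP downloads, is something an updater can reject before running anything. The sketch below is an added example, not AMD's code or the researcher's: the manifest layout, field names and `example.com` URLs are assumptions constructed for illustration, since the article does not describe the real format.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Constructed sample manifest (hypothetical format). It stands in for a list
# fetched over HTTPS in which one entry still points at a plaintext download.
SAMPLE_MANIFEST = json.dumps({"packages": [
    {"name": "driver-a", "url": "https://updates.example.com/a.exe",
     "sha256": hashlib.sha256(b"installer-a").hexdigest()},
    {"name": "driver-b", "url": "http://updates.example.com/b.exe",
     "sha256": hashlib.sha256(b"installer-b").hexdigest()},
    {"name": "driver-c", "url": "https://updates.example.com/c.exe"},
]})


def audit_manifest(manifest_text):
    """Return (package name, problem) pairs for entries an updater must refuse."""
    findings = []
    for pkg in json.loads(manifest_text)["packages"]:
        # A secure manifest channel does not protect a download fetched over HTTP.
        if urlsplit(pkg.get("url", "")).scheme.lower() != "https":
            findings.append((pkg["name"], "download URL is not HTTPS"))
        digest = pkg.get("sha256", "").lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            findings.append((pkg["name"], "no valid SHA-256 pinned in manifest"))
    return findings


def verify_download(pkg, payload):
    """Accept the payload only if the URL is HTTPS and the bytes match the pinned digest."""
    if urlsplit(pkg.get("url", "")).scheme.lower() != "https":
        return False
    expected = pkg.get("sha256", "").lower()
    actual = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison; a missing digest never matches.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for name, problem in audit_manifest(SAMPLE_MANIFEST):
        print(f"REFUSE {name}: {problem}")
```

Pinning the digest in the HTTPS-delivered manifest means bytes swapped in transit fail verification even when the transport check is bypassed, so the two checks back each other up.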
Simultaneously, La Sapienza University in Rome is reportedly dealing with a significant computer system disruption, suspected to be a ransomware attack. However, neither the university nor Italian authorities have confirmed the nature of the disruption.
In other news, the Supreme Court handed down a one-sentence order regarding California's newly gerrymandered maps, which are expected to benefit Democrats. According to Vox, the court's decision suggests a preference for gerrymandering over disfavoring Democrats.
Furthermore, research indicates that a routine vaccine, the shingles vaccine, may slow aging and reduce dementia risk. Dylan Scott, health reporter for Vox, noted that widespread adoption of the vaccine could have significant health benefits. "An elixir for keeping our brains and bodies younger may already be sitting on pharmacy shelves across the United States if only we'd take advantage of it," Scott wrote.