Vulnerablilty in AMD auto update software

This guy has detailed an exploit in  the auto update functionality of the AMD catalyst software for AMD graphics cards. Basically, the download is done over HTTP and the binary that is downloaded is not verified as being signed by AMD.  He details how to launch a local app on the Windows machine using this method. It’s fixed as of the 13.1 driver version, which is available now. 

Leave a Reply

Your email address will not be published. Required fields are marked *