Yesterday, we had a very productive phone call with CTS-Labs, the firm behind the "AMD Flaws" critical security vulnerabilities exposé of the "Zen" microarchitecture. Our questions focus on the practicality of exploiting these vulnerabilities, and should provide more insight to the skepticism centered on needing admin privileges, flashing BIOS ROMs, and other localized hacks that would render any machine, not just "Zen" powered, vulnerable. Feel free to follow up with questions in the comments section, if we can help explain something.

CTS-Labs the research group behind the AMD "Zen" CPU vulnerabilities, posted an addendum to its public-release of the whitepaper, in an attempt to dispel some of the criticism in their presentation in the absence of technical details (which they shared with AMD and other big tech firms). In their clarification whitepaper, quoted below, they get into slightly more technical details on each of the four vulnerability classes.

Security researchers with Israel-based CTS-Labs, have discovered a thirteen security vulnerabilities for systems based on AMD Zen processors. The thirteen new exploits are broadly classified into four groups based on the similarity in function of the processor that they exploit: "Ryzenfall," "Masterkey," "Fallout," and "Chimera."

The researchers "believe that networks that contain AMD computers are at a considerable risk," and that malware can "survive computer reboots and re-installations of the operating system, while remaining virtually undetectable by most endpoint security solutions," such as antivirus software. They also mention that in their opinion, "the basic nature of some of these vulnerabilities amounts to complete disregard of fundamental security principles. This raises concerning questions regarding security practices, auditing, and quality controls at AMD."