The bug allows attackers to swipe data from a CPU’s registers. […] the exploit doesn’t require physical hardware access and can be triggered by loading JavaScript on a malicious website.
You must log in or register to comment.
What are the rules on responsible disclosure? Shouldnt they have waited until patches are ready before public disclosure of the exploit?
I mean, this was disclosed to AMD a few months back and there actually is a patch available currently for Epyc CPUs.
It’d be nice if they waited until all the patches were out, but I’d rather this than a full zero-day exploit of this scale in the wild.