The RCE that AMD won’t fix
Summary
The article describes a remotely exploitable vulnerability in AMD's AutoUpdate software. Update URLs are served over HTTP and there is no certificate validation, so a man-in-the-middle (MITM) attacker could potentially get unsigned updates executed. The author reports the issue, notes that AMD deemed it out of scope, and provides a timeline of discovery and disclosure. The case highlights real-world risks in software update mechanisms and the importance of secure update practices for enterprises.
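The two missing checks named above (transport and payload integrity), sketched as an added example; this is not code from the article or from AMD. The manifest fields `url` and `sha256`, the host name and the payload bytes are constructed assumptions, and a digest pinned in a manifest obtained over an authenticated channel stands in here for full code-signature verification.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


class UpdateRejected(Exception):
    """Raised when an update fails a pre-execution check."""


def check_update_url(url: str) -> str:
    """Accept only https:// URLs with a host; plain HTTP is refused outright."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise UpdateRejected(f"insecure or malformed update URL: {url!r}")
    return url


def check_payload(payload: bytes, expected_sha256: str) -> bytes:
    """Compare the downloaded bytes against a digest from a trusted manifest."""
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise UpdateRejected("payload digest does not match manifest")
    return payload


def vet_update(entry: dict, payload: bytes) -> bytes:
    """Run both checks; only bytes that pass may be handed to the installer."""
    check_update_url(entry["url"])
    return check_payload(payload, entry["sha256"])


# Constructed sample data (hypothetical manifest entries, not AMD's format).
GOOD_PAYLOAD = b"constructed installer bytes"
GOOD_ENTRY = {
    "url": "https://updates.example.test/pkg.exe",
    "sha256": hashlib.sha256(GOOD_PAYLOAD).hexdigest(),
}
HTTP_ENTRY = dict(GOOD_ENTRY, url="http://updates.example.test/pkg.exe")
TAMPERED_PAYLOAD = b"constructed installer bytes, modified in transit"

if __name__ == "__main__":
    for entry, data in [(GOOD_ENTRY, GOOD_PAYLOAD), (HTTP_ENTRY, GOOD_PAYLOAD),
                        (GOOD_ENTRY, TAMPERED_PAYLOAD)]:
        try:
            vet_update(entry, data)
            print(entry["url"], "-> accepted")
        except UpdateRejected as exc:
            print(entry["url"], "-> rejected:", exc)
```

Either check failing stops the update before anything is executed, so bytes altered in transit are rejected even when the URL itself looks correct.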