Processor manufacturer AMD has issued its first detailed statement on the flaws which were claimed last week to be in some of its product lines by the previously unknown Israeli firm CTS Labs.
Essentially, beyond detailing the BIOS updates it had released for some of the flaws and promising to provide firmware patches for others, AMD did not say a great deal.
But Mark Papermaster, senior vice-president and chief technology officer, did mention that it had been first contacted by CTS Labs on 12 March and given less than 24 hours to react to the laundry list of flaws that was released soon after.
AMD also took care to point out that exploitation of the flaws required administrative access.
{loadposition sam08}Papermaster wrote: "It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.
"Any attacker gaining unauthorised administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research."
CTS Labs disclosed the flaws on 13 March, on a dedicated website, accompanied by a white paper from which technical details were redacted, in order, it said, to prevent exploitation of the flaws.
Another company, Trail of Bits, was paid US$16,000 to verify CTS Labs' findings. After initially sounding positive about the discoveries, its chief Dan Guido appeared to play down the significance of the flaws, saying: "There is no immediate risk of exploitation of these vulnerabilities for most users.
"Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilise these vulnerabilities. This level of effort is beyond the reach of most attackers."