| Claim | Status |
| --- | --- |
| AMD's Windows auto-updater downloaded software over insecure HTTP, enabling network-based malware injection. | sourced |
| Researcher Paul LaRosa reported the critical remote code execution vulnerability. | sourced |
| AMD took 124 days to fix the flaw. | sourced |
| AMD refused to pay LaRosa the $10,000 bug bounty despite acknowledging the issue. | sourced |
| The patched version uses HTTPS but relies on CRC32 validation instead of cryptographic signatures. | sourced |
| Whether other researchers will disclose similar experiences with AMD's bounty program. | developing |
| Whether AMD has an official bug bounty program or if LaRosa submitted through a third-party platform. | sketchy |
| The exact date LaRosa first reported the vulnerability to AMD. | sketchy |