AMD denies $10,000 bug bounty to researcher who found critical auto-updater RCE vulnerability

By Bruno Ferreira

2h ago · 4 min read · en · News

Summary

AMD denied a security researcher a $10,000 bug bounty after the researcher discovered and reported a critical remote code execution vulnerability in AMD's auto-updater software, one exploitable via a man-in-the-middle attack. Despite the researcher's cooperation and the severity of the flaw, AMD rejected the bounty claim because MITM attacks were not covered by its bug bounty program's policy. The article explores the broader issue of bug bounty programs and their limitations.

Key quotes

Regulars at this pub might remember an article a while back about a security researcher who diagnosed a potential remote code execution (RCE) via a man-in-the-middle attack (MITM) in AMD's auto-updater software.
Paul, the researcher, submitted a report at AMD's bug bounty program website, expecting both a fix and a payout for an RCE-class bug.
The report was turned down as MITM attacks weren't covered by the program's policy.

Snippet from the RSS feed

Quis renovatores renovat — who updates the updater?
