Security researcher says AMD auto-updater downloads software insecurely, enabling remote code execution — company rep reportedly said man-in-the-middle attacks are "out of scope," ignored bug

A security researcher discovered that AMD's Windows driver auto-updater downloads software insecurely, potentially allowing remote code execution by attackers. The researcher reported the issue to AMD, but the company reportedly dismissed it, stating that man-in-the-middle attacks were "out of scope." The insecure connection used by the auto-updater could enable attackers to intercept downloads and inject malware. The potential attack surface is significant, affecting millions of computers with AMD hardware. AMD has not confirmed the bug yet, but if valid, it could pose a serious security risk that needs immediate attention.