Hello,
As some of you may recall, a BIOS update was released for CVE-2023-31315 , AKA SMM bypass. The problem was that an attacker could implant malware into the BIOS. The revised BIOS blob was issued, by AMD “EmbAM4PI 1.0.0.6” on the 9th of Oct 2024.
I waited about a month for a BIOS update to fix this problem, but over a month later ASUS hadn’t released one. I reached out to ASUS via phone and the person I got had no idea what was going on, but assured me the matter would be dealt with.
Well, it’s now mid Jan 2025 and still no BIOS updates for the laptop.
Anyone know what to do? Like, does it really take >3months to release a BIOS patch for a critical vulnerability? Is there some way to convince ASUS to take security seriously?
Thanks!
PS: This flaw is so bad it got a 7.5 score!