AMD has announced that it will be removing the ability of its Catalyst Control Centre software to automatically notify users of a driver update, following an apparent security scare.
Currently, AMD's Catalyst Control Centre - the software used to adjust the settings of AMD's graphics hardware, and provided as part of the Catalyst universal graphics card driver package - automatically checks AMD's website every so often for a new Catalyst driver release. If an updated version is found, a message appears allowing the user to download and install the newer release.
Sadly, that nofification comes with what AMD describes in its
support notice as a '
minor security vulnerability.' Although AMD doesn't provide details as to what that vulnerability may be, it's serious enough for the company to pull the functionality altogether from future revisions of the software.
From a security perspective, there's only really one reason AMD would do such a thing: if someone had worked out how to spoof update notifications, sending users to third-party websites designed to look and feel like AMD's own but providing malware-laden Trojan downloads rather than the real Catalyst driver update packages. How such spoofing would take place is not clear, but if such a thing is possible it would give attackers an easy means of tricking a user into installing third-party software.
The next major release of the Catalyst driver package, AMD has explained, will disable the functionality altogether. For those who can't wait until the vague '
early 2013' update, AMD recommends that the auto-update notification system be disabled using the Automatically Check for Updates option under Software Update in the Catalyst Control Centre's Information menu. Should a notification appear, AMD warns that users should hit 'Skip' rather than accept to upgrade.
Want to comment? Please log in.