AMD refuses to pay $10,000 bounty for critical vulnerability

AMD is at the center of a controversy after refusing to pay a promised bounty to a security researcher who discovered a critical flaw in its automatic driver update system. The expert found a vulnerability that allows Remote Code Execution (RCE) via a "Man In The Middle" (MITM) attack. This is reported by Ixbt.com .

MITM is a type of attack where a cybercriminal secretly intercepts communication between two devices on a network. The researcher reported this bug through AMD's official bug bounty program and expected the $10,000 payment designated for RCE-level vulnerabilities.

However, the company rejected the claim, arguing that MITM scenarios are not covered by its payment policy. Despite this, AMD acknowledged the issue and began working on a fix. Interestingly, it took the company 124 days to fully patch the vulnerability.

It turned out that the patching process was delayed several times, and the scope of the problem was broader than initially estimated. Although the researcher agreed to a non-disclosure agreement and temporarily deleted their post about the bug, they ultimately received no compensation.