AMD patches critical auto-updater vulnerability but denies researcher bounty

A security researcher discovered a critical vulnerability in AMD's auto-updater software that allowed for remote code execution via man-in-the-middle attacks. The flaw stemmed from the application using unencrypted HTTP connections rather than HTTPS to fetch updates. Although the researcher reported the issue through official channels, AMD denied a $10,000 bounty payout by citing policy exclusions for this specific attack vector. Source