alt Hacker NewsIt's technically possible (though I don't know if they actually do this) that they're not referring to a signature check in the download part, but are verifying the code signing signature of the executable downloaded. You'd only notice the CRC if you were looking at the downloaded content, but if the updater refuses to launch an executable that isn't signed by AMD's cert then they would be fine.
Given the way AMD has been treating this issue, I'm assuming they're just incompetent, though.
Replies
LgWoodenBadger • today at 5:24 PM
A manager somewhere made the embarrassingly wrong decision to not fix this, and they’re too egotistical to correct their mistake.
That’s my take.
The article has a screenshot of the decompiled code showing that they're just running the downloaded executable immediately, without any additional checks on the content.