Get the Lowest Prices anywhere on Macs, iPads and Apple Watches: Apple Price Guides updated August 18th
 

 

New Spectre-style Intel chip flaw can leak user data, but only in Windows

PC users and those who are running Windows on a Mac may want to take a moment to update their operating systems, as a new flaw in Intel and ARM chips has been exposed.

Spectre-style flaw can leak data on systems running Windows



Similar to the Spectre and Meltdown chip flaws of last year, this latest flaw also uncovered an exploit involved in speculative execution.

Speculative execution is a microprocessing shortcut that has existed for the better part of two decades. CPU tasks are often repetitive and can be predicted, and chip designers can offer faster speeds by anticipating these tasks and executing them before they're actually received.

This created a problem, however, when it was discovered that these tasks can be exploited by hackers and leak data such as passwords, tokens, and encryption keys.

According to Tom's Guide, this information was divulged by Bitdefender researchers on Tuesday at the annual Black Hat security conference.

The flaw affects a system instruction in 64-bit Windows called SWAPGS, which can be executed speculatively in user mode. When manipulated, attackers can utilize the exploit to intercept sensitive data that is meant to be contained within individual applications. The flaw also allows an attacker to bypass former methods of Spectre and Meltdown exploits by bypassing the kernel page table isolation.

The flaw had been discovered by Bitdefender a full year ago. It had been dismissed by Intel until a proof-of-concept was provided, showing how the flaw could be exploited.

"Every machine using newer Intel processors which leverage speculative execution and [run] Windows is affected, including servers and laptops," Bitdefender said in a press release.

Microsoft had released a patch that fixed this latest flaw in July. However, it has still failed to alert the public to the seriousness of the situation. Users running Windows in any fashion, even virtualized, are advised to download and install Microsoft's July Patch to prevent sensitive information from being leaked.