PC users and those who are running Windows on a Mac may want to take a moment to update their operating systems, as a new flaw in Intel and ARM chips has been exposed.
Similar to the Spectre and Meltdown chip flaws of last year, this latest flaw also uncovered an exploit involved in speculative execution.
Speculative execution is a microprocessing shortcut that has existed for the better part of two decades. CPU tasks are often repetitive and can be predicted, and chip designers can offer faster speeds by anticipating these tasks and executing them before they're actually received.
This created a problem, however, when it was discovered that these tasks can be exploited by hackers and leak data such as passwords, tokens, and encryption keys.
According to Tom's Guide, this information was divulged by Bitdefender researchers on Tuesday at the annual Black Hat security conference.
The flaw affects a system instruction in 64-bit Windows called SWAPGS, which can be executed speculatively in user mode. When manipulated, attackers can utilize the exploit to intercept sensitive data that is meant to be contained within individual applications. The flaw also allows an attacker to bypass former methods of Spectre and Meltdown exploits by bypassing the kernel page table isolation.
The flaw had been discovered by Bitdefender a full year ago. It had been dismissed by Intel until a proof-of-concept was provided, showing how the flaw could be exploited.
"Every machine using newer Intel processors which leverage speculative execution and [run] Windows is affected, including servers and laptops," Bitdefender said in a press release.
Microsoft had released a patch that fixed this latest flaw in July. However, it has still failed to alert the public to the seriousness of the situation. Users running Windows in any fashion, even virtualized, are advised to download and install Microsoft's July Patch to prevent sensitive information from being leaked.
13 Comments
Intel or Boeing? Who has fallen the farthest the fastest?
I'm much less confident now that Apple will make their own ARM chips for Macs, but they would be doing a public service if they did.
The more heterogenous the hardware and software landscape, the more difficult (ie, expensive) it is for bad actors to launch attacks on large numbers of people.
I believe Linux suffers from this vulnerability, although it’s more difficult to pull off than on Windows. If that’s true, you your title might be improved by saying “...,but not in MacOS” rather than “...,Only in Windows.” If you have a good article on why this doesn’t affect MacOS, please let me know.