SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

Graham Cluley

SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

Security researchers at Bitdefender have discovered a way of exploiting a flaw in Intel chips.

The SWAPGS attack (CVE-2019-1125) is related to past speculative-execution side-channel attacks like Spectre and Meltdown, and could allow a malicious party to read system memory on your computer that *should* have been inaccessible.

That means an attacker could steal sensitive information such as passwords or encryption keys, without leaving a trace on the targeted PC. And because these flaws are in your computer’s chips itself rather than in the software running on your computer, a fix is not trivial to create.

The good news is that attacks like this are difficult for the average cybercriminal to undertake, and there’s no evidence that even state-sponsored attackers have exploited the flaw to steal information from targets.

And although the flaw can be found in the architecture of Intel chips, the fix on this occasion is thankfully not to replace the CPUs inside computers but instead to apply operating system updates which mitigate the problem. Anyone who has already applied Microsoft’s July 2019 patch bundle should already be protected.

As many home users and a good proportion of businesses are in the habit of rolling out Microsoft patches, opportunities for exploitation of the flaw will hopefully be limited.

The researchers at Bitdefender should be applauded for working closely with industry players to ensure that mitigations are put in place before this serious issue was made public.

Further reading:

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “SWAPGS attack: The Spectre-like flaw affecting Intel CPUs”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.




Stay informed!

Join thousands of others by signing-up for the free “GCHQ” newsletter, containing the latest news and tips from security expert Graham Cluley.

Name:

Email:

Yes, I would like to subscribe to email updates from Graham Cluley. I know it’s easy to unsubscribe if I ever change my mind.