New Spectre-style Intel chip flaw can leak user data, but only in Windows
PC users and those who are running Windows on a Mac may want to take a moment to update their operating systems, as a new flaw in Intel and ARM chips has been exposed.
Similar to the Spectre and Meltdown chip flaws of last year, this latest flaw also uncovered an exploit involved in speculative execution.
Speculative execution is a microprocessing shortcut that has existed for the better part of two decades. CPU tasks are often repetitive and can be predicted, and chip designers can offer faster speeds by anticipating these tasks and executing them before they're actually received.
This created a problem, however, when it was discovered that these tasks can be exploited by hackers and leak data such as passwords, tokens, and encryption keys.
According to Tom's Guide, this information was divulged by Bitdefender researchers on Tuesday at the annual Black Hat security conference.
The flaw affects a system instruction in 64-bit Windows called SWAPGS, which can be executed speculatively in user mode. When manipulated, attackers can utilize the exploit to intercept sensitive data that is meant to be contained within individual applications. The flaw also allows an attacker to bypass former methods of Spectre and Meltdown exploits by bypassing the kernel page table isolation.
The flaw had been discovered by Bitdefender a full year ago. It had been dismissed by Intel until a proof-of-concept was provided, showing how the flaw could be exploited.
"Every machine using newer Intel processors which leverage speculative execution and [run] Windows is affected, including servers and laptops," Bitdefender said in a press release.
Microsoft had released a patch that fixed this latest flaw in July. However, it has still failed to alert the public to the seriousness of the situation. Users running Windows in any fashion, even virtualized, are advised to download and install Microsoft's July Patch to prevent sensitive information from being leaked.
Similar to the Spectre and Meltdown chip flaws of last year, this latest flaw also uncovered an exploit involved in speculative execution.
Speculative execution is a microprocessing shortcut that has existed for the better part of two decades. CPU tasks are often repetitive and can be predicted, and chip designers can offer faster speeds by anticipating these tasks and executing them before they're actually received.
This created a problem, however, when it was discovered that these tasks can be exploited by hackers and leak data such as passwords, tokens, and encryption keys.
According to Tom's Guide, this information was divulged by Bitdefender researchers on Tuesday at the annual Black Hat security conference.
The flaw affects a system instruction in 64-bit Windows called SWAPGS, which can be executed speculatively in user mode. When manipulated, attackers can utilize the exploit to intercept sensitive data that is meant to be contained within individual applications. The flaw also allows an attacker to bypass former methods of Spectre and Meltdown exploits by bypassing the kernel page table isolation.
The flaw had been discovered by Bitdefender a full year ago. It had been dismissed by Intel until a proof-of-concept was provided, showing how the flaw could be exploited.
"Every machine using newer Intel processors which leverage speculative execution and [run] Windows is affected, including servers and laptops," Bitdefender said in a press release.
Microsoft had released a patch that fixed this latest flaw in July. However, it has still failed to alert the public to the seriousness of the situation. Users running Windows in any fashion, even virtualized, are advised to download and install Microsoft's July Patch to prevent sensitive information from being leaked.
Comments
The more heterogenous the hardware and software landscape, the more difficult (ie, expensive) it is for bad actors to launch attacks on large numbers of people.
I know this contradicts everything the know-nothing media regurgitates, but the 737 Max is not flawed or broken by design as you say. It is a perfectly good aircraft and I would happily fly on it myself with pilots trained to handle its particular attributes.
Boeing’s sin is that they did not inform the airlines of the autopilot changes that were made to handle the center of gravity shift with the larger engines, and also that Boeing charged extra for training and other services related to this change. Boeing should be hammered for that and they will pay dearly for their lethal mistakes.
But the widely circulated claim that the 737 Max is a bad design is 100% total B.S.
The single 737 sensor error is a sleeping fault (goes undetected) that leads to the plane misbehaving into nosediving to the ground and nothing to help it to not do that except for a trained pilot.
Making reduncy in a safety relevant system a purchasable option is a bad design. (And could even be regarded criminal in a court of law)
If the plane wasn’t dangerous it wouldn’t be grounded by the FAA. If it really only has one sensor and the AP acts on it alone in a dramatic fashion, that’s a design problem.