SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

Security researchers at Bitdefender have discovered a way of exploiting a flaw in Intel chips.

The SWAPGS attack (CVE-2019-1125) is related to past speculative-execution side-channel attacks like Spectre and Meltdown, and could allow a malicious party to read system memory on your computer that *should* have been inaccessible.

That means an attacker could steal sensitive information such as passwords or encryption keys, without leaving a trace on the targeted PC. And because these flaws are in your computer’s chips itself rather than in the software running on your computer, a fix is not trivial to create.

Sign up to our free newsletter.
Security news, advice, and tips.

The good news is that attacks like this are difficult for the average cybercriminal to undertake, and there’s no evidence that even state-sponsored attackers have exploited the flaw to steal information from targets.

And although the flaw can be found in the architecture of Intel chips, the fix on this occasion is thankfully not to replace the CPUs inside computers but instead to apply operating system updates which mitigate the problem. Anyone who has already applied Microsoft’s July 2019 patch bundle should already be protected.

As many home users and a good proportion of businesses are in the habit of rolling out Microsoft patches, opportunities for exploitation of the flaw will hopefully be limited.

The researchers at Bitdefender should be applauded for working closely with industry players to ensure that mitigations are put in place before this serious issue was made public.

Further reading:

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

One comment on “SWAPGS attack: The Spectre-like flaw affecting Intel CPUs”

  1. IJAC

    What about Linux is there a patch for that?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.