SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

Security researchers at Bitdefender have discovered a way of exploiting a flaw in Intel chips.

The SWAPGS attack (CVE-2019-1125) is related to past speculative-execution side-channel attacks like Spectre and Meltdown, and could allow a malicious party to read system memory on your computer that *should* have been inaccessible.

That means an attacker could steal sensitive information such as passwords or encryption keys, without leaving a trace on the targeted PC. And because these flaws are in your computer’s chips itself rather than in the software running on your computer, a fix is not trivial to create.

Sign up to our free newsletter.
Security news, advice, and tips.

The good news is that attacks like this are difficult for the average cybercriminal to undertake, and there’s no evidence that even state-sponsored attackers have exploited the flaw to steal information from targets.

And although the flaw can be found in the architecture of Intel chips, the fix on this occasion is thankfully not to replace the CPUs inside computers but instead to apply operating system updates which mitigate the problem. Anyone who has already applied Microsoft’s July 2019 patch bundle should already be protected.

As many home users and a good proportion of businesses are in the habit of rolling out Microsoft patches, opportunities for exploitation of the flaw will hopefully be limited.

The researchers at Bitdefender should be applauded for working closely with industry players to ensure that mitigations are put in place before this serious issue was made public.

Further reading:

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “SWAPGS attack: The Spectre-like flaw affecting Intel CPUs”

  1. IJAC

    What about Linux is there a patch for that?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.