WebUser – 21 August 2019

(Axel Boer) #1
Need to Know

8 21 Aug - 3 Sept 2019


What happened?
Yet anothervulnerabilityhas been
discovered inIntel’s processors,
following the severeSpectreand
Meltdownflaws thathit the hardware
maker’s products over the pastcouple
ofyears.Researchers fromsecurity
firmBitdefenderwho discovered
the latestflawhavenamedit the
SWAPGSAttack, after the particular
instructionit affects (bit.ly/swapgs 482 ).
Bitdefender saysany computer that
usesan Intel chipandruns Windowsor
Linux could beatrisk.
The SWAPGSAttacktakes advantage
ofa systeminIntel’s processorscalled
speculativeexecution,which guesses
which instructions will come nextto
help speedupprocessing.Someof
those guessesturnout tobeincorrect,
inwhich casethe systemshouldset
themaside andignore them. However,
insomeinstances, the predicted
instruction actuallyloads datainto
the cache,where otherprocesses
inthe systemcan readit. If attackers
use thatsystemtosneak intoa
machine,theycan accessthe
computer’s kernelmemory and
stealany datathathas preloaded
inthisway,including passwords.
The securityflawwas actually
discovered more thana yearago,
but the researchers passed ontheir
information tothe companies affected
togivethemtimetodevelop patches
androll them out. Microsoftissuedits
patch inJuly, soif you haveinstalled
thatupdate, yourPCisprotected.


How will it affectyou?
Security researchers discovered this
flaw, which isgoodnewsbecauseit
means the companies wereabletofix it
beforeany problemsoccurred. While
wecan’t knowfor sure thatcriminals
hadn’t alsodiscovered the vulnerability,
there’s noevidencetosuggestthat
anyonehas usedit, soit’s not something
the averageuser needs topanic over.
Indeed, there’s littlemostofuscan do
about sucha hack,becauseit requires
patches developed bythe tech industry.
That’s what’s happened here and
gaveMicrosoft, Intel, Bitdefender and
othercompanies timetoworkona
solutionbeforedetailsof the flaw
weremadepublic. Inotherwords,
if you keepyourcomputer uptodate
andfully patched, you shouldbe
protected fromthisparticular flaw.
In many ways, the onusoncomputer
securityhas shifted fromthe usertothe
industry. Processor-level flaws aren’t
something ahomeusercan address. We
stillneedtobewaryofphishingattacks
andotherscams thattrick usinto
clicking dodgylinksor opening
malicious downloads,andwestillneed
tokeep our systems uptodateandrun
securitysoftware, but beyondthat
there’s littlemostofuscan dointhe
face ofsuchvulnerabilities.
Inshort,this isn’t aflawyou needto
do much about, otherthan– andwe’ll
repeatthisagain –making sureyou

install the latest updates for your
operating systemandsoftware. If you
dothat, you’ll gainthe benefit of the
yearofworkMicrosoft, Bitdefender and
Intel haveput intoprotect you against
thisflaw.

What dowethink?
Intel has beenhit byone vulnerability
after another, but it’s hardtoknowif
that’s a sign something isamiss atthe
chipmaker orif it’s justthe result of
researchers payingprocessors more
attention.The formerwould beverybad
news, given howwidespread Intel’s
processorsare.The latterisgoodnews
for all ofus, however, becausethe
efforts ofsecuritycompanies suchas
BitdefenderkeepIntel andothertech
giants ontheir toes, and point out
where theyslipup.
It’s alwaysworth remembering that
althoughflaws likethis sound serious,
there’s littlefor mostpeopletoworry
about. There’s noevidence thathackers
abused the vulnerability, andit would
bea difficult thing todo. It’s important
thatweare toldabout problemslike
this, but you don’t needtoworry that
you’renolongersafeonline.The real
threats for mostweb users are the
simpleattacks,suchasphishing, that
pay off quickly andwith lesseffortand
skill thanwould berequiredtoexploit
thisflaw. The headlines may sound
scary,but the realthreatlieselsewhere.

Intel processors hit by


another massive security flaw


Bitdefender discovered the SWAPGSflaw,
and has worked with Intel to patch it


Cr

ed

it:

No

rGa

l /

Shu

tt

er

stoc

k.

com
Free download pdf