vulnerability bypasses Spectre and Meltdown patches – CNET



James Martin/CNET

A brand new vulnerability bypassing earlier Spectre and Meltdown protections has been discovered by Bitdefender researchers, CNET sister web site ZDNet reported Tuesday. It impacts all Home windows programs with AMD or Intel processors since 2012 and may entry protected reminiscence.

Spectre and Meltdown are vulnerabilities uncovered within the chips that deal with delicate knowledge like passwords and encryption keys. Chips initially affected when the vulnerability was revealed again in January 2018 included Intel and AMD or these designed by Arm.

The most recent Spectre variant, referred to as SWAPGSAttack and designated CVE-2019-1125, may very well be used to secretly monitor and take info off a pc. Whereas it really works round earlier patches, you possibly can defend your self through the use of a safety replace launched in July after Bitdefender labored with Intel and Microsoft on the problem for a 12 months.

Microsoft’s advisory says “an attacker who efficiently exploited the vulnerability may learn privileged knowledge throughout belief boundaries.”

“Clients who’ve Home windows Replace enabled and utilized the safety updates are protected routinely,” a Microsoft spokesperson additionally instructed ZDNet. 

AMD stated in a press release that it would not imagine it’s weak to the SWAPGS variant assaults.

“Intel, together with trade companions, decided the problem was higher addressed on the software program stage and linked the researchers to Microsoft,” an Intel spokesperson added to ZDNet.

SWAPGSAttack was revealed in the course of the Black Hat hacker convention Tuesday.

First printed at 5:16 p.m. PT on Aug. 6.
Up to date at 6:56 p.m. PT: AMD and Arm additionally affected; eight:02 p.m. PT: provides assertion from AMD.

Leave a Reply

Notify of