A new exploit in the Spectre and Meltdown security flaw in Intel and ARM chips is in the news, but Mac users need only be concerned if they also run Windows on their machine.
Tom’s Guide reports security company Bitdefender announced the issue at the Black Hat security conference on Tuesday. Although the flaw was discovered a year ago, Intel didn’t initially believe it to be a real-life issue.
The flaw, discovered a year ago by Bitdefender researchers, was initially dismissed by Intel until Bitdefender provided a proof-of-concept attack that showed how the vulnerability could be exploited.
Bitdefender disclosed the flaw in conjunction with Microsoft today (Aug. 6) here at the Black Hat security conference, almost one year to the day after Bitdefender’s researchers told Intel of the flaw.
“Every machine using newer Intel processors which leverage speculative execution and [run] Windows is affected, including servers and laptops,” Bitdefender said in a press release.
Microsoft issued an unannounced patch for the issue, allowing Bitdefender to share its findings.
The flaw affects a system instruction in 64-bit Windows called SWAPGS, a kernel-level instruction set introduced with Intel’s Ivy Bridge processors in 2012 that can be speculatively executed in user mode. That’s a no-no, because system and user functions are meant to be walled off from one another.
By manipulating this error in SWAPGS’s design, an attacker can glean what the system kernel is doing and thereby see a lot of information that should be secret, such as passwords, encryption keys, session tokens and other data meant to be kept within individual applications and processes.
Most importantly, the SWAPGS flaw allows attackers to completely bypass kernel page table isolation (KPTI), the most widely used method of staving off Meltdown and Spectre attacks, as well as all other mitigations for speculative-execution flaws.
SWAPGS is only used by Windows, so Mac users are not affected unless they also run Windows. In that case, Mac owners are advised to ensure they have installed all updates to protect against the latest Spectre and Meltdown issue.
