Specter and Meltdown – errors made by a major security flaw in Intel and ARM chips – are back in the news today. Both Microsoft and Apple have issued patches, but a new exploit has been discovered …
The good news for Mac owners is that this only applies to Windows – but that means Mac owners need to take action if They also run Windows on the machine.
Security company Bitdefender revealed the problem at the Black Hat security conference yesterday, reports Tom & # 39; s Guide . Interestingly, they discovered it a year ago, but at first Intel didn't think it was a real-life problem.
The bug, discovered a year ago by Bitdefender researchers, was initially dismissed by Intel to Bitdefender provided proof of concept attack that demonstrated how vulnerability could be exploited.
Bitdefender revealed the error related to Microsoft today (August 6) here at the Black Hat security conference, almost one year the day after Bitdefender researchers told Intel about the error.
"Every machine that uses newer Intel processors that take advantage of speculative performance and [run] Windows is affected, including servers and laptops," Bitdefender said in a press release.
After persuading the company, Microsoft then issued an unannounced update, leaving Bitdefender free to share its findings.
The error affects a system instruction in 64-bit Windows called SWAPGS, a core-level instruction set used with Intel's Ivy Bridge processors in 2012 that can be speculatively executed in user mode. It's a no-no, because system and user functions are supposed to be bracketed from one another.
By manipulating this error in SWAPGS's design, an attacker can retrieve what the system kernel does and thus see a lot of information about should be secret, such as passwords, encryption keys, session tokens and other data intended to be kept in individual applications and processes.
Most importantly, the SWAPGS error allows attackers to completely bypass kernel table isolation (KPTI), the most widely used method to avert Meltdown and Specter attacks, as well as any other mitigation for speculative execution errors.
Because SWAPGS is only used by Windows, Mac owners do not need to take any action unless they are also running Windows. In this case, make sure you have all the updates installed to protect against the latest exploits of Specter and Meltdown.
Check out 9to5Mac on YouTube for more Apple news: