Security flaws are one of the most frequently recurring threats in our modern-day digital infrastructure. Unlike malware, security flaws and exploits are products of human error -- and provide a vector of attack for cybercriminals intelligent enough to hone in on them.
Because of this, software engineers are constantly on the lookout to address any holes they find with security updates. But when a flaw comes from the hardware side of things rather than software, the threat becomes exponentially more dangerous. When a vulnerability is detected in any piece of hardware, it usually means that all others from the same product line are affected as well.
And that's exactly the issue that security researchers are facing this week in light of a new flaw discovered in a range of Intel chips. This flaw, if exploited, can grant backdoor access to any affected computer -- putting personal data and sensitive information at great risk. We're breaking down the details on this new threat, as well as how researchers are advising users to stay safe online.
A major hole in a popular product
Update: Intel and Microsoft have announced that a security update is now available for the SWAPGS security flaw. It can be downloaded from Microsoft's website at no charge. For the security and integrity of your system, both companies urge users update as soon as possible. Click or tap here to download the update. Make sure to select the download that fits your specific version of Windows 10.
Researchers at security firm Bitdefender have discovered a highly dangerous security flaw that's present in nearly all modern Intel chips -- the kind found in a majority of computers on the market.
The flaw deals with the method these chips use to predict user behavior, which usually results in faster performance. By exploiting the flaw, a hacker can take control of the computer's "memory kernel," which essentially gives them backdoor access to personal data like passwords and private conversations.
Bitdefender representatives claim that the flaw has not yet been exploited in the wild, but have emphasized the wide-sweeping nature of this threat. What's worse is the fact that this flaw comes on the heels of the critical Spectre and Meltdown flaws -- both of which were discovered and patched last year.
This new flaw, tentatively dubbed the "SWAPGS Attack," can actually bypass the safeguards put into place by the Spectre and Meltdown patches, which makes the situation even more dangerous.
What can be done about the "SWAPGS Attack?"
Right now, Bitdefender has only identified the threat. Currently, no fix has been engineered -- but developers are researching the threat further, and may potentially release a series of patches to address it.
It is, however, entirely possible that no patch arrives. Chip-related security flaws are extremely complex and can take time to untangle and pinpoint the exact nature of the flaw in code.
In the short term, it's up to PC users to exercise caution when exploring the web. Avoiding mysterious links and messages from unknown senders is a good start, as well as avoiding potentially suspicious websites and login forms.
In fact, Bitdefender proposes that the SWAPGS Attack would be more of a component to a larger cyberattack rather than the "main course" -- just because SWAPGS Attack only grants access to memory.
Even still, a new vector of attack is the last thing that hackers need these days. Considering the trouble they've caused in the past few years, it's high time we start exercising better online safety practices. If we give cybercriminals fewer tools to attack us with, it's one step towards greater deterrence.
We'll be updating this story with any new information surrounding the SWAPGS Attack flaw, as well as any potential fixes that may arrive down the line.
Intel releases important security patches for Core processors
Last month, Intel released its patches to protect users from the Spectre chip flaw. But the patches were so buggy that the company urged users to skip them entirely. Since Intel's first Spectre patch was a dud, the company promised to roll out another patch that will provide protection minus the prior system-breaking bugs. And it looks like that time is now.