More Spectre / Meltdown Issues

So it appears that there was a recent Spectre / Meltdown patch included in July’s slate of security updates.  Although there are still no documented exploits of this “in the wild”, it’s still worth the read.

 

08/06/2019 08:21 PM EDT

 

Original release date: August 6, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems’ memory.Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from “speculative execution”—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, and cloud servers.

CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available: