Not long ago, NVIDIA company issued an urgent warning about detected vulnerabilities in their video cards. GeForce, Quadro, and Tesla series are affected. Owners of those GPUs should update video rivers to eliminate the problem.
In total, five vulnerabilities were identified. They are present in all drivers for GeForce video cards (up to 431.60 driver version). The most dangerous vulnerability (CVE-2019-5683) has a rating of 8.8 points. It allows a hacker to execute malware code that causes a denial of service and establish privileges. Vulnerabilities (CVE-2019-5684 and CVE-2019-5685) perform the same actions only through DirectX. If your computer runs on Windows 7 or higher are then you are at risk.
There is no reason for panic! To hack your PC, an attacker needs to have local access to your system. It means that he or she must be present nearby. Plus, you can download the new GeForce drivers (431.60 version) from the official NVIDIA website to completely fix this problem.
Is it any better with Intel CPUs?
Modern computers equipped with the most advanced processors are sometimes at risk of data loss due to critical vulnerabilities in the hardware of the device. Experts announced a vulnerability in almost all Intel processors that could give hackers access to the computer’s memory. As a result, confidential user information may fall into the third party’s hands.
The vulnerability is present in Intel chips using the SWAPGS instruction, which is part of speculative functions that allow the central processor to predict the execution of tasks by anticipating their relevance.
Specifically, speculative execution that increases system performance creates the opportunity for attackers to access the user's personal information. This feature was also used during the recent Specter, Meltdown and Foreshadow attacks. Lately, it was found that this vulnerability is not eliminated by new types of hardware-level protection introduced after the detection of those vulnerabilities.
The SWAPGS protocol is used in almost all Intel processors manufactured after 2012. It means that the third-generation Intel Core and higher are vulnerable. A threat is relevant for corporate users working with Intel processors installed on servers, as well as for cloud services clients. Hackers can obtain data about passwords and other personal user information.
Many companies reported that they have been working with Microsoft, the Linux Foundation, and others for over a year to protect users from this problem. Experts advise users to regularly update operating systems on their devices.
Remember, nothing is secure. What has been created by one human can be destroyed but another human. To reduce the risk of being hacked furthermore, you simply need to be very careful. Use secure connections, do not insert any strange USB devices, use strong passwords. Remember, hackers who use those vulnerabilities always target huge companies. They are not interested in us.