Skip to main content
close search
site logo
Dive Brief

Intel chip saga continues: 'Foreshadow' vulnerabilities disclosed

Published Aug. 15, 2018
By
Associate Editor
Flickr user keitamiyoshi

Dive Brief:

  • Intel disclosed on Tuesday recently discovered security flaws that could "allow unauthorized disclosure of information in the L1 data cache," qualifying that it is not aware of any real world exploits thus far.
  • Researchers discovered "speculative execution attack," called L1 Terminal Fault (L1TF), that could be used to extract data, and informed Intel about it on January 3. Intel researchers subsequently found two more L1TF varieties that could affect virtual machines, hypervisors and memory in operating systems and system management modes. Researchers dubbed the initial vulnerability "Foreshadow" and the subsequent variants "Foreshadow-Next Generation (NG)." 
  • Customers with nonvirtualized operating systems will face low risk following system updates, but those with traditional virtualized systems may require additional protections, such as hypervisor core schedule features or avoiding hyperthreading in certain situations, according to Intel. 

Dive Insight:

The vulnerabilities affect microprocessor products that support the company's Software Guard Extensions (SGX), an architecture for developers that uses enclaves to protect against the alteration or disclosure of data and code. SGX is a feature in modern Intel CPUs that, even if a system is compromised by an attacker, continues to protect users' data or code, according to the researchers who found the bug. 

The Foreshadow vulnerabilities could be exploited to access SGX-protected memory, and trust in an entire SGX ecosystem could be lost with just one exploited SGX machine. 

Foreshadow-NG could be particularly devastating because it also allows malicious actors to access information in other virtual machines on the same cloud infrastructure and bypass countermeasures to the Meltdown and Spectre flaws, researchers said. 

Security teams at companies using Intel products will need to audit systems to check for SGX architecture and what kind of virtualized system is in use and roll out system updates and protections. Still in recovery from the Spectre and Meltdown flaws, Intel will have to roll out recoveries that are not also bogged by patches with performance issues.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell