New Foreshadow flaw discovered in Intel Core and Xeon processors

By Digit NewsDesk | Updated 16 Aug 2018
New Foreshadow flaw discovered in Intel Core and Xeon processors
  • Intel and Microsoft jointly with academic researchers have revealed a new Foreshadow vulnerability in Intel Core and Xeon processors which could allow attackers to access data in the L1 cache of target machines

Intel has been having a very rough 2018. After the revelation of the Spectre and Meltdown flaws at the beginning of the year, Intel and its partners have been fighting a seemingly uphill battle in trying to patch flaws that could leave very sensitive parts of the computer exposed to people with bad intentions. Now, Intel themselves have disclosed three speculative execution flaws in their Core and Xeon series of processors. The new flaw is dubbed Foreshadow, alternatively called L1 Terminal Fault or L1TF, and includes three vulnerabilities impacting Intel’s processors.

advertisements

The three Foreshadow vulnerabilities have been divided into two variants; Foreshadow and Foreshadow: Next Generation. Foreshadow targets the Intel Software Guard Extension enclaves, designed specifically to prevent disclosure and modification of select code and user data. While SGX enclaves were designed to be impervious to Spectre and Meltdown, it appears that through the Foreshadow flaw, an attacker could gain access to data residing in L1 cache.

The Foreshadow Next Generation flaw has two vulnerabilities that specifically targets virtualised environments being used by large cloud computing platforms like those of Amazon and Microsoft. These flaws also allow access to data residing in the L1 cache but are a little more serious. Through the Foreshadow NG attack, malicious parties can also gain access to data residing on other virtual machines, as long as they’re running on the same third-party cloud platform.

Security researchers held off on disclosing the Spectre and Meltdown flaws for well over the industry norm of 60 days in order to let Intel patch the problems. The Foreshadow flaw was announced by Intel, Microsoft, Red Hat and a group of academic researchers in a coordinated manner. While a patch for the new flaws is yet to be issued, Intel says that they have not yet come across any reported case in the real world where the new flaws have been used to compromise systems. While a software patch for Foreshadow will be just a band-aid, a real fix will only be implemented when the new Cascade Lake chips are released later this year. Additionally, the new chips which are impervious to speculative execution flaws would need to replace all the current vulnerable processors.

advertisements
advertisements
Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.
advertisements
ASK DIGIT

Recent Questions

Intel Core 2 Duo vs qualcomm snapdragon
t ruth pushpalatha
Sept 18, 2014
Responses 5
Vivek Bhatt
Sept 20, 2014
Jyoti Prakash
Sept 21, 2014
samuel browne
Sept 21, 2014
t ruth pushpalatha
Sept 21, 2014
Nazimuddin Ahmed
Sept 22, 2014
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements