Foreshadow: New vulnerability in Intel chips

Recently, security researchers have discovered a new “Foreshadow” vulnerability affecting Intel processors that bypass the built-in chip security features, making it possible for attackers to obtain sensitive data stored in the supposedly secure cordoned-off areas on the processor. Wired pointed out that Foreshadow will attack a feature on the Intel processor called “Secure Guard Extensions,” which is also referred to as SGX.

SGX is designed to help protect user data stored in the processor, even if the entire computer is under the control of an attacker. But in fact, SGX creates a secure memory area on the chip that holds sensitive data, which cannot be read directly by malicious code.

“Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.”

Also, the researchers discovered two similar variants called “Foreshadow-NG.” They also attack SMM code, operating systems, hypervisor software, and other microprocessors. The researchers said this could affect cloud services on a virtual machine, including the use of malicious guest VM hypervisor memory read, or even belong to another virtual machine memory. The first to discover this vulnerability was the researchers from KU Leuven. It conducted independent research on Meltdown and Spectre and notified Intel on January 3, 2018.

The good news is that most desktop users are less likely to be affected by Foreshadow because the premise of the attack is for processors that support SGX.

Intel has provided measures to mitigate the Foreshadow attack through software fixes and microcode updates.

Via: AppleInsider