After Spectre and Meltdown, and the wishful patching of Intel’s security holes, now there is “Foreshadow”
Intel has been notified by various researchers that yet another security gap has been found in their processors. The vulnerability affects its chip security technology called Software Guard Extensions (SGX). This technology has been used in Intel processors since 2015 (2nd generation i3,i5,i7,xeon 3400+, X99 and X299 and later/above. 1st gen i* and Core2Duo or earlier are safe.
In addition to impacting the SGX, Foreshadow exploits Intel’s speculative execution component. This feature uses behavioral analysis to determine which application or program the user is going to need next. It then automatically opens it, to increased productivity. If the program is not needed by the user, it will close automatically. The problem with exploiting this function is the cached information that may be held within these applications, including usernames, passwords, personally identifiable data, etc. Any cached information can be stolen by hackers through this exploit.
According to Kim Komando, Intel is releasing an update today, August 21st, which is supposed to patch the vulnerability. Microsoft has also released an update to address the security vulnerability.