First Spectre and Meltdown, Now Foreshadow
Intel has been notified by various researchers that yet another security gap has been found in their processors. The vulnerability affects its chip security technology called Software Guard Extensions (SGX). This technology has been used in Intel processors since 2015. Therefore, if you have an older PC — there is no need to be concerned about this vulnerability, as it does not impact you. However, the processors that were affected include:
- Intel Core i3/i5/i7/M processor (45nm and 32nm)
- 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
- Intel Core X-series Processor Family for Intel X99 and X299 platforms
- Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
- Intel Xeon Processor E3, E5, and E7 – v1/v2/v3/v4/v5/v6 Families of each
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor D (1500, 2100)
In addition to impacting the SGX, Foreshadow exploits Intel’s speculative execution component. This feature uses behavioral analysis to determine which application or program the user is going to need next. It then automatically opens it, to increased productivity. If the program is not needed by the user, it will close automatically. The problem with exploiting this function is the cached information that may be held within these applications, including usernames, passwords, personally identifiable data, etc. Any cached information can be stolen by hackers through this exploit.
Now What?
According to Kim Komando, Intel is releasing an update today, August 21st, which is supposed to patch the vulnerability. Microsoft has also released an update to address the security vulnerability.
All of this is great — but it’s going to be up to the user to deploy the updates. Therefore, as a user — UPDATE, UPDATE, UPDATE!!
