An international team of researchers has discovered new flaws in Intel’s Software Guard Extensions (SGX) feature. Dubbed ‘L1 Terminal Fault’ by Intel and ‘Foreshadow’ by others, it is similar to the Spectre and Meltdown vulnerabilities from earlier this year, but is even more troubling.
SGX allows programs to establish “secure” enclaves on Intel processors. As Wired explains, these are areas that are ‘cordoned off’ to create a protected zone for sensitive data, even if the main computer is compromised. It is supposed to be the processor’s most secure element.
Unlike Spectre, which cannot, for the most part, access SGX, Foreshadow can. And the results are, according to Wired, “deeply problematic.” The attack exposes cryptographic keys and can generate legitimate-looking SGX signatures that can be used to create fake enclaves.
Intel has stated that they are patching the flaw, and cloud providers are already exploring how to dampen any damage from Foreshadow. In the meantime, researchers and Intel urge individuals and enterprises to keep devices up to date.
Get the full story on Wired.