Foreshadow returns to the foreground: Secrets-spilling speculative-execution Intel flaw lives on, say boffins

Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the vulnerabilities’ Foreshadow variant have missed the mark. In a paper slated to be distributed through ArXiv any time now, Martin Schwarzl, Thomas Schuster, and Daniel Gruss with Graz University of Technology, and Michael Schwarz, with the Helmholtz Center for Information Security, reveal the computer science world has misunderstood the microarchitectural flaw that enables Foreshadow, which can be exploited by malware or a rogue user on a vulnerable system to extract data from supposedly protected areas of memory – such as Intel SGX enclaves, and operating-system kernel and hypervisor addresses.

Read full article on The Register

 


Date:

Categorie(s):

Tag(s):