Foreshadow returns to the foreground: Secrets-spilling speculative-execution Intel flaw lives on, say boffins

7 August 2020

Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the vulnerabilities’ Foreshadow variant have missed the mark. In a paper slated to be distributed through ArXiv any time now, Martin Schwarzl, Thomas Schuster, and Daniel Gruss with Graz University of Technology, and Michael Schwarz, with the Helmholtz Center for Information Security, reveal the computer science world has misunderstood the microarchitectural flaw that enables Foreshadow, which can be exploited by malware or a rogue user on a vulnerable system to extract data from supposedly protected areas of memory – such as Intel SGX enclaves, and operating-system kernel and hypervisor addresses.

Read full article on The Register

Date:

7 August 2020

Categorie(s):

NEWS

Tag(s):

Foreshadow, Intel

Christie’s auction house suffers cyberattack, disrupting art auction schedule15 May 2024
Zscaler enhances AI data protection platform with new security innovations15 May 2024
Investigating lateral movements with Amazon Detective investigation and Security Lake integration14 May 2024
Microsoft fixes a bug abused in QakBot attacks plus a second under exploit14 May 2024
Unlocking cybersecurity excellence: The BISO’s vital role in safeguarding enterprises14 May 2024