A new security flaw in Intel processors has been discovered by researchers that could allow hackers to steal data from the company’s ‘secure’ virtual vaults in Intel chips.
‘Foreshadow’ is the third similar flaw of significance found to have affected Intel designed chips in 2018.
“If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices,” Intel said on its website. “We are not aware of reports that any of these methods have been used in real-world exploits…But this further underscores the need for everyone to adhere to security best practices.”
Foreshadow is similar in effect to the Meltdown and Spectre flaws Filehippo.com reported on back in January this year.
Foreshadow, or L1 Terminal Fault (L1TF) to give the flaw its official name targets Intel’s Security Guard Extensions (SGX) within its Core chips.
“While the bug is in itself an extremely technically complex issue, the issue resides within Intel’s chip Kernel design. Essentially, the kernel on every chip Intel has manufactured in the last decade or so, leaks memory. This leaves users systems open to potentially extremely sensitive data being exposed such as passwords and financial information.”
For its part, Intel have said software updates are already available and those users who have already updated their systems against Spectre and Meltdown are less vulnerable. According to Intel (at the time of writing) no-one has taken advantage of the “Foreshadow” vulnerability. Collectively however, the flaws have affected billions of computers around the world.
The problem only affects processors released since 2015 to the present day.
Meltdown, Spectre, and Foreshadow all exploit various flaws in a computing technique known as speculative execution.
Foreshadow was discovered by collaborative work by researchers from KU Leuven university in Belgium and others from the universities of Adelaide and Michigan. After Intel was made aware of the attack, the chip firm then discovered two more related weaknesses.
You should be safe, though, if you’ve already patched your PC as part of the earlier Spectre and Meltdown mitigations that rolled out over the course of the year, according to a blog post from Intel, which disclosed the flaw.
A full list of affected hardware has been posted on Intel’s website.
An easy fix, and a shameless plug…
It’s not bad news for everyone, however. Users of IObit Advanced SystemCare can fix the Intel vulnerability and a whole bunch of other issues with your PC in just one-click. You can download it for free on FileHippo right here.