Русский
Information security researchers have discovered a new breach in Intel processors. The new threat is called Foreshadow.The vulnerability, which the IT giant has classified as L1 Terminal Fault or L1TF, can attack the processor's first-level cache and extract data. Foreshadow is known to take advantage of features of recent generations of Intel processor architectures, which resort to out-of-schedule and simultaneously pre-emptive (or speculative) instruction execution mechanisms. Foreshadow includes three variations in total. The first of these was found to be CVE-2018-3615. It affects Intel Software Guard Extensions (SGX). The second, CVE-2018-3620, affects operating systems and System Management Mode (SMM), and the third, CVE-2018-3646, poses a threat to virtualization software and Virtual Machine Monitors (VMMs). Curiously, researchers discovered this vulnerability back in January this year, right after information about Spectre and Meltdown was made public. The information was also forwarded to Intel at that time. The company has already released updates to protect the majority of users from Foreshadow. It is reported that the released updates will help protect against two versions of the discovered vulnerability, while the third one, to which significantly fewer users are exposed, will require additional steps for regulation. In addition, Intel representatives emphasize that the company is not aware of any cases where the vulnerability has been used in real life.