Posted on Wednesday, Aug 15 2018 @ 11:47 CEST by Thomas De Maesschalck
Yesterday we wrote about the three L1 Terminal Fault (L1TF) vulnerabilities that were discovered in Intel's processors. The attacks are known as Foreshadow, they're somewhat similar to the Meltdown vulnerabilities but focus on the L1 cache. Attacks abuse speculative execution to retrieve data from the Intel SGX (Software Guard eXtensions) and Virtual Machine Manager. Two of the three vulnerabilities already have CPU microcode updates from Intel and Windows patches from Microsoft. The third bug is harder to fix and exclusively targets datacenters.
There isn't a whole lot of news to post today so let's expand upon L1TF a bit more. Here's a video from Intel that explains the weakness:
There are three applications of L1TF speculative execution side-channel cache timing vulnerabilities. They are similar to previously reported variants. These particular methods target access to the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next.
Here's a video that explains the Foreshadow attack:
And here's a more technical demonstration of Foreshadow:
About the Author
Thomas De Maesschalck
Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.