Foreshadowing attacks on vulnerable processors
A newly discovered processor vulnerability could potentially put secure information at risk in any Intel-based PC manufactured since 2008. It could affect users who rely on a digital lockbox feature known as Intel Software Guard Extensions, or SGX, as well as those who utilize common cloud-based services. Researchers at the University of Michigan, the Belgian research group imec-DistriNet, Technion Israel Institute of Technology, the University of Adelaide and Data61 identified the SGX security hole, called Foreshadow, in January and informed Intel. That led Intel to discover its broader potential in the cloud. This second variant, Foreshadow-NG, targets Intel-based virtualization environments that cloud computing providers such as Amazon and Microsoft use to create thousands of virtual PCs on a single large server. Intel has released software and microcode updates to protect against both varieties of attack.
Provided by the Foreshadow Attack team