2018 is certainly taking a toll on Intel. This chip manufacturing giant is still coping with the losses of Meltdown and Spectre and now new vulnerabilities are discovered. The Intel chip security flaw, namely Foreshadow and L1 Terminal Fault (L1TF) were discovered by independent research teams. It is claimed that these will impact Software Guard Extensions (SGX) technology of Intel, System Management Mode (SMM), and the hypervisor software!
Know More About These Vulnerabilities
These are in a way similar to Meltdown and Spectre that impacted thousands of system in the past. Specifically discussing, CVE-2018-3615, a.k.a. Foreshadow, has an adverse effect on SGX technology. If not controlled, it will give the bad actors access and permission to extract any kind of information that is protected via SGX secure memory!
The second one CVE-2018-3620 is said to be even more dangerous. You ask why? Because this flaw can be used to attack the OS kernel and SMM, which run on Intel chips and processors. As it is directly affecting the kernel, to inject malicious program or gather data using this exploitation is easy. The worst part is the programs running within the SMM and outside SMM, both are equally vulnerable!
Third one known as CVE-2018-3646, attacks on the VM through hypervisor, a virtualization program that helps in installation and operation of the virtual machines. Affecting this software is the last thing which you need because then the values and the messages thus sent will no longer remain safe! Also, it can affect the VMM or Virtual Machine’s memory as well.
However, these Intel chip security flaws are not easier to exploit as they need in-depth knowledge and experience. But that does not mean we can take these lightly and let them go! Also, similar to Meltdown vulnerability, these also need the attacker to run a malicious code on the system without being physically present there. This again is a hard nut to crack because not everyone is competent enough of completing this task!
Read Also : Cyber Security Tips for Enterprises/Users
Yuval Yarom, one of the researchers who found about Foreshadow has claimed that though the attacks are highly sophisticated, one can be highly vulnerable if the attack initiates! So we need to mitigate the issue before it takes a toll on the life of masses!
The Affected Ones
Several processor series are said to affected, but the ones given below are certain to be affected! Take a read and get to know about them!
Intel Core i3/i5/i7/M processor (45nm and 32nm)
Intel Xeon Processor D (1500, 2100)
Intel Xeon Processor E7 v1/v2/v3/v4 family
Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 family
Intel Xeon Processor Scalable family
Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
Intel Xeon Processor E5 v1/v2/v3/v4 family
Intel Core X-series processor family for Intel X99 and X299 platforms
2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
Mitigation Of This Destructive Intel Chip Flaw
Because this Intel chip vulnerability is new and has no connection with the previous ones, specific microcodes have been released in order to patch them. The patches are said to explicitly remove the data during a few transactions. However, these will also not fully mitigate the problem.
Must Read : Bluetooth: Is It Really As Secure As We Think
The experts studying Intel chip vulnerability and their mitigation have claimed that we’ll need an updated operating system to stay shielded from these. The reason behind is that a few vendors are totally dependent on vendors for the microcode updates which vary from user to user and it is extremely difficult to release all mirocodes promptly!
Full patching and shield against these Intel chip security flaws is yet to be seen, but till then we should take basic precautions and stay protected! What do you think about this?
Leave a Reply