{"id":5141,"date":"2018-08-25T17:00:58","date_gmt":"2018-08-25T11:30:58","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=5141"},"modified":"2020-08-18T20:58:59","modified_gmt":"2020-08-18T15:28:59","slug":"foreshadow-attacks-on-intel-chips","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/foreshadow-attacks-on-intel-chips\/","title":{"rendered":"Foreshadow Attacks on Intel Chips is Causing Serious Vulnerabilities"},"content":{"rendered":"
\n
\n\"Foreshadow
\n
\n\n<\/div>\n

Intel’s Software Guard Extensions (SGX) feature allows programs to establish secure enclaves on Intel processors. The secure enclave develops a safe haven for sensitive information, even if malware or another malady compromises the main computer. A global research group comprising of researchers from five academic institutions discovered that even though SGX can mostly repel Spectre and Meltdown attacks, a related attack can actually bypass its defenses. This is called Foreshadow.<\/p>\n

Foreshadow attacks, according to the researchers, is a risky attack on Intel processors, which permits an attacker to steal confidential information stored inside personal computers or third-party clouds. Foreshadow is available in two versions:<\/p>\n

The original attack designed for extracting data from Software Guard Extensions (SGX) enclaves
\nA Next-Generation version which affects hypervisors (VMM), operating system (OS) kernel memory, System Management Mode (SMM) memory, and Virtual Machines (Vms).<\/p>\n

The vulnerabilities allow reading the data from an area of fast memory called the L1 cache, which is available to each processor core. An attacker can actually use the exploits to read any data held in the cache, including the operating system’s kernel, protected data belonging to the System Management Mode (SMM), or to other virtual machines (VMs) working on third-party clouds.<\/p>\n

From a theoretical viewpoint, it could be possible to use the exploits for stealing information from virtual machines running on private or public clouds, as they allow a malicious VM running on the cloud to read memory that belongs to the VM’s hypervisor or memory that belongs to another guest VM. However, the VMs will have to be running on the same processor core for an attack to be successful.<\/p>\n

The three related Foreshadow attacks include:<\/p>\n