Move over Spectre and Meltdown: Intel Details New “Foreshadow” Security Exploit, Stock Price Sinks
Today Intel (NASDAQ:INTC) shares dipped slightly after the company announced that yet another serious security flaw, named “Foreshadow”, exists in its processors’ hardware core. The flaw can be used by hackers or malicious software to access computer data without the consent of the user.
Foreshadow is dubbed by Intel as an “L1 Terminal Fault” wherein a computer’s cache data may be accessed by an attacker using vulnerabilities in the hardware.
At a high level, per the researchers who first uncovered Foreshadow:
Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from Software Guard Extensions (SGX) enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.
The official message coming out of Santa Clara, CA is that the bug is admittedly serious but isn’t aware of any real-world attacks using the exploit. Intel does detail how the bug could be used maliciously.
- Malicious applications, which may be able to retrieve data in the operating system memory.
- A malicious guest virtual machine (VM) may infer data in the VM’s memory.
- Malicious software running outside of SMM may infer data in SMM memory.
- Malicious software may infer data from within another Intel SGX enclave.
What is somewhat troubling for Chipzilla is that Intel Software Guard Extensions, “SGX”, was only introduced with Skylake 6th generation Core CPUs and Foreshadow threatens to bust SGX wide open, similar to the unpatched Spectre vulnerability.
Today Intel quickly released microcode that partially protects against some of the attacks listed above.
Intel’s statement on the matter:
We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices
While the exploit is close to being fully patched, it will come with some degree of performance penalty for the enterprise systems receiving the updated microcode.
Intel is facing a renewed AMD assault on the datacenter with looming 7nm EPYC chips and investors are very aware of this.
Share prices fell as much as 1.7 percent before recovering to end the day down about 0.7 percent at $48.12. The world’s second largest chipmaker hit a 52-week high of $57.60 in early June of this year putting today’s price down about 15% from two months ago.
Intel investors remain largely bullish on the stock with short interest hovering around a mere 2 percent of the total float. The company is coming off a very good quarter. Head over here for our thorough earnings coverage.