Today Intel (NASDAQ:INTC) shares dipped slightly after the company announced that yet another serious security flaw, named “Foreshadow”, exists in its processors’ hardware core. The flaw can be used by hackers or malicious software to access computer data without the consent of the user.
Foreshadow is dubbed by Intel as an “L1 Terminal Fault” wherein a computer’s cache data may be accessed by an attacker using vulnerabilities in the hardware.
Related Intel Skylake-X 28 Core, 56 Thread CPU To Feature Support on X599 Ultra-Premium Enthusiast Platform, Rumor Alleges – LGA 3647 Socket, Hexa Channel Memory Support
At a high level, per the researchers who first uncovered Foreshadow:
Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from Software Guard Extensions (SGX) enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.
The official message coming out of Santa Clara, CA is that the bug is admittedly serious but isn’t aware of any real-world attacks using the exploit. Intel does detail how the bug could be used maliciously.
- Malicious applications, which may be able to retrieve data in the operating system memory.
- A malicious guest virtual machine (VM) may infer data in the VM’s memory.
- Malicious software running outside of SMM may infer data in SMM memory.
- Malicious software may infer data from within another Intel SGX enclave.
What is somewhat troubling for Chipzilla is that Intel Software Guard Extensions, “SGX”, was only introduced with Skylake 6th generation Core CPUs and Foreshadow threatens to bust SGX wide open, similar to the unpatched Spectre vulnerability.
Related Intel Launches 9th Gen Core 8 Core and 6 Core CPUs on 1st October – Core i9-9900K Flagship, Core i7-9700K and Core i5-9600K Unlocked Lineup With New Z390 Boards
Today Intel quickly released microcode that partially protects against some of the attacks listed above.
Intel’s statement on the matter:
We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices
While the exploit is close to being fully patched, it will come with some degree of performance penalty for the enterprise systems receiving the updated microcode.
Intel is facing a renewed AMD assault on the datacenter with looming 7nm EPYC chips and investors are very aware of this.
Share prices fell as much as 1.7 percent before recovering to end the day down about 0.7 percent at $48.12. The world’s second largest chipmaker hit a 52-week high of $57.60 in early June of this year putting today’s price down about 15% from two months ago.
The drop comes during an otherwise good day for the semiconductor sector with rivals AMD (NASDAQ:AMD) and Nvidia (NASDAQ:NVDA) both enjoying mild gains on the day.
Intel investors remain largely bullish on the stock with short interest hovering around a mere 2 percent of the total float. The company is coming off a very good quarter. Head over here for our thorough earnings coverage.
