VMware Security Update Tackles Intel Spectre Variant Foreshadow
VMware has released a security update which includes mitigation’s for Foreshadow, Intel’s latest silicon security problem.
On Tuesday, the Dell subsidiary said in a security advisory that Foreshadow, otherwise known as the L1 Terminal Fault, could be exploited to obtain sensitive information from victim machines.
Foreshadow, CVE-2018-3615, springs from design faults found in today’s modern CPUs, and follows Intel’s Spectre and Meltdown vulnerabilities.
The vulnerability was uncovered in modern Intel CPUs which utilize Software Guard Extensions (SGX), which are meant to protect data from being viewed, edited, or exfiltrated, even should a system otherwise fall under an attacker’s control.
However, SGX contains design problems which leave it as open to speculative execution attacks as Meltdown and Spectre.
“Making things worse, due to SGX’s privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem.” according to the researchers who found the vulnerability.
To make matters worse, two other variants which impact microprocessors, operating systems and Hypervisor software were then uncovered. These speculative execution side channel vulnerabilities, discovered by Intel, impact VMware software in a big way.
Source: Computer Review Business