Skip to main content

New And Potentially More Dangerous Intel Vulnerability Discovered

By March 20, 2018June 8th, 2022Cybersecurity

The “Spectre” vulnerability that impacts literally every Intel chip made over the last decade keeps finding new ways to make the news.  In this instance, researchers at Ohio State University have discovered a new variant of the vulnerability that they have dubbed “SGX Spectre.”  To understand how it’s different, a bit of explanation is in order.

SGX stands for “Software Guard eXtensions,” and is a feature only found in the latest Intel processors.  It allows applications to create “data enclaves,” which are hardware-isolated portions of a CPU’s processing memory.  The purpose of such enclaves is to give applications a secure space to run operations that deal with especially sensitive data, like passwords and encryption keys.

The original Spectre and Meltdown vulnerabilities were unable to extract any data from SGX enclaves, but SGX Spectre can. Even worse, the recent Spectre patches will do nothing to prevent it.

Intel has announced that on March 16, it will release an update for its SGX SDK that adds SGX Spectre mitigations.  App developers will need to integrate the update into their SGX-capable apps and issues an update to all users.

The research team had this to say about the recent discovery:

“SgxPectre Attacks can completely compromise the confidentiality of SGX enclaves.  Because vulnerable code patterns exist…and are difficult to be eliminated, the adversary could perform SgxPectre Attacks against any enclave programs.

Because there are vulnerable code patterns inside the SDK runtime libraries, any code developed with Intel’s official SGX SDK will be impacted by the attacks.  It doesn’t matter how the enclave program is implemented.”

In addition to the discovery of SGX Spectre, the research team discovered new variations of the original security flaws, which they have dubbed MeltdownPrime and SpectrePrime, respectively.  Needless to say, more patches will be forthcoming.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.