New Spectre derivative bug haunts Intel processors

Intel just can’t catch a break these days. Researchers at Ohio State University have found a way to use the Spectre design flaw to break into the SGX secure environment of an Intel CPU to steal information.

SGX stands for Software Guard eXtensions. It was first introduced in 2014 and is a mechanism that allows applications to put a ring around sections of memory that blocks other programs, the operating system, or even a hypervisor from accessing it.

These walled-off areas are called enclaves, and they are typically used to run things such as DRM code without allowing anyone, even privileged malware, to spy on the decryption keys. It can also allow sensitive code to be run on an otherwise untrusted or unsecured machine.

The researchers noted that because there are vulnerable code patterns inside the SDK runtime libraries, any code developed with Intel’s official SGX SDK will be impacted by the attacks. It doesn’t matter how the enclave program is implemented.

Leave a Reply

Your email address will not be published. Required fields are marked *