Foreshadow, also known as L1 Terminal Fault, is another problem with speculative execution in Intel’s processors. It lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn’t crack.
What is Foreshadow?
Specifically, Foreshadow attacks Intel’s Software Guard Extensions (SGX) feature. This is built into Intel chips to let programs create secure “enclaves” that can’t be accessed, even by other programs on the computer. Even if malware were on the computer, it couldn’t access the secure enclave—in theory. When Spectre and Meltdown were announced, security researchers found that SGX-protected memory was mostly immune to Spectre and Meltdown attacks.
There are also two related attacks, which the security researchers are calling “Foreshadow – Next Generation,” or Foreshadow-NG. These allow access to information in System Management Mode (SMM), the operating system kernel, or a virtual machine hypervisor. In theory, code running in one virtual machine on a system could read information stored in another virtual machine on the system, even though those virtual machines are supposed to be completely isolated.
Foreshadow and Foreshadow-NG, like Spectre and Meltdown, use flaws in speculative execution. Modern processors guess the code they think might run next and preemptively execute it to save time. If a program tries to run the code, great—it’s already been done, and the processor knows the results. If not, the processor can throw the results away.
However, this speculative execution leaves some information behind. For example, based on how long a speculative execution process takes to perform certain types of requests, programs can infer what data is in an area of memory—even if they can’t access that area of memory. Because malicious programs can use these techniques to read protected memory, they could even access data stored in the L1 cache. This is the small, fast memory closest to each CPU core. It holds the data the core has used most recently, which can include secure cryptographic keys. That’s why these attacks are also known as “L1 Terminal Fault” or L1TF.
To take advantage of Foreshadow, the attacker just needs to be able to run code on your computer. The code doesn’t require special permissions—it could be a standard user program with no low-level system access, or even software running inside a virtual machine.
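To check a machine for exposure, the example below (added here, not part of the original article) reads the L1TF status line that Linux kernels publish in sysfs and separates the host mitigation from the virtual machine (VMX) and hyper-threading (SMT) parts. The function names and the sample lines are constructed for illustration; the sysfs path and status wording are the Linux kernel's.

```python
from pathlib import Path

# The Linux kernel's own L1TF assessment (kernel 4.19 and later, plus
# distribution backports). Assumption: the host runs Linux on x86.
SYSFS_L1TF = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")

# Constructed sample lines in the format the kernel prints.
SAMPLES = (
    "Not affected",
    "Mitigation: PTE Inversion",
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "Mitigation: PTE Inversion; VMX: vulnerable",
)

def parse_l1tf_status(text):
    """Split the one-line sysfs status into the parts a defender checks."""
    line = text.strip()
    result = {"raw": line, "affected": True, "host_mitigated": False,
              "vmx_l1d_flush": None, "smt": None, "findings": []}
    if line == "Not affected":
        result.update(affected=False, host_mitigated=True)
        return result
    host, _, vmx = line.partition(";")
    result["host_mitigated"] = host.startswith("Mitigation:")
    if not result["host_mitigated"]:
        result["findings"].append("kernel reports no L1TF mitigation")
    vmx = vmx.strip()
    if vmx.startswith("VMX:"):  # present only when the KVM/VMX module is in use
        for field in vmx[len("VMX:"):].split(","):
            field = field.strip()
            if field.startswith("SMT "):
                result["smt"] = field[len("SMT "):]
            else:
                result["vmx_l1d_flush"] = field
    if result["vmx_l1d_flush"] == "vulnerable":
        result["findings"].append("L1D is not flushed on VM entry")
    if result["smt"] == "vulnerable":
        result["findings"].append("SMT is active: sibling threads share the L1D")
    return result

def check_host(path=SYSFS_L1TF):
    """Return the parsed status for this machine, or None if the file is absent."""
    try:
        return parse_l1tf_status(path.read_text())
    except OSError:
        return None  # not Linux, or the kernel predates L1TF reporting

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", parse_l1tf_status(sample)["findings"])
    print("this host:", check_host())
```

An empty findings list on a virtualization host means the kernel reports both the L1 cache flush on VM entry and the SMT state as handled; any entry in the list is a gap between guests that the Foreshadow-NG attacks described above could cross.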
Read more: https://www.howtogeek.com/362797/how-to-protect-your-pc-from-the-intel-foreshadow-flaws/