Yet another flaw was disclosed by Intel today where the attackers can steal information stored on your computers or third-party cloud storage. This flaw was discovered by a number of researchers and reported to Intel back in January. The vulnerabilities reported are of three types. In a blog post, Intel mentioned about earlier updates released this year and new updates being released today which will in a combined manner be able to tackle the vulnerabilities and protect most users.
Intel said – “We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices,”
The L1TF or the L1 Terminal Fault as the company calls them said two of the varieties known can be diminished using the updates available now. But the third variety which affects only a subset of users, for example, certain data centers will require additional measures to be taken. The L1TF affects the Intel Software Guard Extensions(SGX) feature. The video below explains more about the varieties in detail.
After spotting the vulnerability the researcher’s have described the attack that takes advantage of it here. They call it the Foreshadow. Researchers said the after the earlier Meltdown and Spectre discoveries now SGX needs to be taken care of. While speaking to the Wired, system researcher Daniel Genkin said “When you look at what Spectre and Meltdown did not break, SGX was one of the few things left. SGX was mostly spared by Spectre, so it was the logical next step.”
Intel has already expanded its bug bounty program after the Spectre and Meltdown disasters. This was in an attempt to get more security researchers involved and offering larger rewards.
Here is a list of Intel products affected by the newly discovered vulnerabilities
Also Read: Samsung Galaxy Note9 Features And Specs