New Spectre-like vulnerability
‘Foreshadow’ flaw affects Intel-based Macs
Earlier this year, the Spectre and Meltdown security flaws made headlines around the world. Now, Intel has explained that it’s discovered another similar bug affecting its processors.
The vulnerability, dubbed the L1 Terminal Fault (L1TF) or Foreshadow, affects Security Guard Extensions (SGX) inside Intel’s Core processors. Apple uses these chips across its range of Mac computers.
Intel’s SGX system essentially creates a secure area of the processor where sensitive information is stored. It is designed to prevent malicious code from reading this data, even if an attacker has taken over your machine. Foreshadow uses a similar technique to Spectre and Meltdown, but is able to gain access to the sensitive data stored in SGX. It can also extract the attestation key, which is used in SGX’s integrity checks.
Intel has said that it will roll out updates to fix the problem. It is likely that Apple is also working on integrating Intel’s patches into macOS, given how many Apple computers use processors from the company.
Foreshadow is a complicated attack to pull off, so it is unlikely everyday users will be affected. Still, you should be safe and update your Mac as soon as patches are available.
Foreshadow follows the earlier Meltdown and Spectre flaws. A patch is in the works.