Latest in Gear

Image credit: Mike Blake / Reuters

Intel discloses another set of processor vulnerabilities

It has already released updates to address the problem.
638 Shares
Share
Tweet
Share
Save

Sponsored Links

Mike Blake / Reuters

Intel disclosed another set of processor flaws today that could let attackers steal information stored on computers or third party clouds. Discovered by a number of researchers and reported to Intel in January, the vulnerability includes three varieties. The company said in a blog post that when combined with updates released earlier this year, new updates being released today should protect most users from the vulnerability. "We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," said Intel.

The company has dubbed this set of flaws L1TF, or L1 Terminal Fault. It said today that two of the varieties can be mitigated with the updates available now, but the third, which only affects a subset of users -- such as certain data centers -- might require additional steps to be taken. You can learn more about the varieties in the video below.

The researchers that spotted the vulnerability have described an attack that takes advantage of it here. They're calling it Foreshadow. L1TF affects Intel's Software Guard Extensions (SGX) feature and the researchers said after the Meltdown and Spectre discoveries, looking at SGX was the next step. "When you look at what Spectre and Meltdown did not break, SGX was one of the few things left," system security researcher Daniel Genkin, who contributed to the Foreshadow discovery, told Wired. "SGX was mostly spared by Spectre, so it was the logical next step."

Following the Spectre and Meltdown debacle, Intel expanded its bug bounty program, opening it up to more security researchers and offering larger rewards.

You can see which Intel products are affected by the newly discovered vulnerabilities here.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
638 Shares
Share
Tweet
Share
Save

Popular on Engadget

Runkeeper drops its Wear OS app due to a 'buggy experience'

Runkeeper drops its Wear OS app due to a 'buggy experience'

View
Drako's GTE electric supercar will be a four-motor, 1,200HP monster

Drako's GTE electric supercar will be a four-motor, 1,200HP monster

View
Nintendo says there is no Switch exchange program

Nintendo says there is no Switch exchange program

View
IKEA creates a business unit devoted to smart home tech

IKEA creates a business unit devoted to smart home tech

View
US will reportedly give Huawei another temporary reprieve

US will reportedly give Huawei another temporary reprieve

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr