Latest in Gear

Image credit: Mike Blake / Reuters

Intel discloses another set of processor vulnerabilities

It has already released updates to address the problem.
638 Shares
Share
Tweet
Share
Save

Sponsored Links

Mike Blake / Reuters

Intel disclosed another set of processor flaws today that could let attackers steal information stored on computers or third party clouds. Discovered by a number of researchers and reported to Intel in January, the vulnerability includes three varieties. The company said in a blog post that when combined with updates released earlier this year, new updates being released today should protect most users from the vulnerability. "We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," said Intel.

The company has dubbed this set of flaws L1TF, or L1 Terminal Fault. It said today that two of the varieties can be mitigated with the updates available now, but the third, which only affects a subset of users -- such as certain data centers -- might require additional steps to be taken. You can learn more about the varieties in the video below.

The researchers that spotted the vulnerability have described an attack that takes advantage of it here. They're calling it Foreshadow. L1TF affects Intel's Software Guard Extensions (SGX) feature and the researchers said after the Meltdown and Spectre discoveries, looking at SGX was the next step. "When you look at what Spectre and Meltdown did not break, SGX was one of the few things left," system security researcher Daniel Genkin, who contributed to the Foreshadow discovery, told Wired. "SGX was mostly spared by Spectre, so it was the logical next step."

Following the Spectre and Meltdown debacle, Intel expanded its bug bounty program, opening it up to more security researchers and offering larger rewards.

You can see which Intel products are affected by the newly discovered vulnerabilities here.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
638 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
Logitech unveils its first mouse and keyboard built for Chrome OS

Logitech unveils its first mouse and keyboard built for Chrome OS

View
'Control' will let you photograph its beautiful Brutalist setting

'Control' will let you photograph its beautiful Brutalist setting

View
Google's Daydream VR experiment is over

Google's Daydream VR experiment is over

View
Here's everything Google announced at the Pixel 4 event

Here's everything Google announced at the Pixel 4 event

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr