WASHINGTON, Aug 15, 2018 (BSS/AFP) – Researchers have discovered a new
security flaw that could let hackers pry information from supposedly secure
virtual vaults in Intel chips, the company warned on Tuesday.
Intel said software updates are already available and it did not appear
anyone had taken advantage of the “Foreshadow” vulnerability, which has been
likened to troubling “Meltdown” and “Spectre” flaws exposed in computer chips
early this year.
“If used for malicious purposes, this class of vulnerability has the
potential to improperly infer data values from multiple types of computing
devices,” Intel said on its website.
“Intel has worked with operating system vendors, equipment manufacturers,
and other ecosystem partners to develop platform firmware and software
updates that can help protect systems from these methods,” it said.
The “Meltdown” and “Spectre” flaws roiled the Silicon Valley chip maker,
prompting a series of lawsuits and a congressional inquiry about Intel’s
handling of the matter
“We are not aware of reports that any of these methods have been used in
real-world exploits, but this further underscores the need for everyone to
adhere to security best practices,” Intel executive vice president and
general manager of product assurance and security said of “Foreshadow” in a
post on Intel’s website.
“Once systems are updated, we expect the risk to consumer and enterprise
users running non-virtualized operating systems will be low.”