In August, researchers found the third significant security flaw from Intel computer chips exploit this year which is known as the Foreshadow.
The US government’s body for cyber security has identified the Foreshadow exploit to have vulnerabilities that could have been exploited to gain access to sensitive information. This is a similar vulnerability to the two previous exploits identified earlier this year (Spectre and Meltdown). Collectively these exploits have affected billions of computer devices around the world. Going forwards, the build process for Intel’s chips will be altered which will remove these vulnerabilities.
Intel claims that while the bug is admittedly serious, the company is not aware of any real-world attacks that have exercised use of the Foreshadow exploit. The chipmaker maintains that this kind of research, which is important, represents risks that are extremely limited in practice. Attacks using the Foreshadow exploit would be difficult and impractical to carry out, particularly when cheap, easy and effective techniques like phishing and malware distribution are available.
Intel representatives confirmed that the Whiskey Lake chipsets bring the first in-silicon mitigations to the consumer market. The two previous exploits Spectre and Meltdown mitigation’s was delivered via software and microcode patches which produced a negative impact on performance which could reduce it by up to 10% (based on workload) on newer hardware, with older hardware suffering even larger losses. However, the new mitigations which are baked directly into the silicon, shouldn’t impact the performance of the chip.
Intel recommends that devices should be kept up to date as security patches have being distributed for all effected processors 2015 onwards. Maintaining best practice when it comes to hardware and software updates is essential for protecting computer systems from old, current and upcoming exploits.