Image: Foreshadowattack.eu.
As if the Meltdown and Spectre attacks didn't cause enough of a ruckus upon their discovery earlier this year, Intel today disclosed three new exploits that operate in a similar fashion. Using a speculative execution side-channel method called "L1 Terminal Fault (L1TF)" (or, "Foreshadow", by the researchers who discovered it), the flaws can be exploited by an attacker to access private data on machines running Intel's Core and Xeon lines of processors.
Most concerning about the L1TF methods is that the first identified attack can be used to access data stored in SGX enclaves, which are designed to keep user data secure even if a user's machine falls prey to an attacker. The two other related L1TF attacks can be leveraged to read the L1 cache, System Management Mode memory, kernel memory, virtual machines, and hypervisors.
According to Intel, none of these attacks have been seen in the wild yet. And, fortunately for those who have already applied mitigations for Spectre and Meltdown, previous microcode updates are "an important component of the mitigation strategy for all three applications of L1TF," Intel says. From Intel:
When coupled with corresponding updates to operating system and hypervisor software released starting today by our industry partners and the open source community, these updates help ensure that consumers, IT professionals and cloud service providers have access to the protections they need.
L1TF is also addressed by changes we are already making at the hardware level. As we announced in March, these changes begin with our next-generation Intel® Xeon® Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year.
August "Patch Tuesday" updates offer protection for Windows
For Windows users, the latest batch of Patch Tuesday updates released for August contain the latest mitigations from Intel, which should protect against two of the L1TF attacks when combined with previous Spectre and Meltdown mitigations. The third variant, Intel says, is more complicated, but may only affect certain datacenters using virtualization.
Though Intel hasn't observed these attacks being used yet, it would be a good idea to keep your PC up to date with the latest patches.
For more on L1TF, you can check out an in-depth overview of how the attacks work in the video below.
Assassin's Creed Valhalla: Where to find all of the Abilities & Upgrades
Assassin's Creed Valhalla is Ubisoft's most recent adventure bringing medical England to life through the eyes of a Viking named Eivor. Build your arsenal of devastating combat moves called Abilities, and become a Viking warlord with this comprehensive list of all the abilities and their locations.
Review: EufyCam 2 Kit is the best home-security setup with no fees
If you're looking for a sound home security camera system, Eufy is your best bet. All your video data is kept local, with no cloud storage, and there are no subscriptions whatsoever. Combined with excellent features, low-light ability, and a battery that lasts a year, Eufy is way better than Ring. Here's why.
These are the best laptops HP has to offer
The Spectre x360 13t is currently the best HP laptop you can buy thanks to a potent blend of performance and design. However, there are plenty more options that come close to taking the top spot.
Need more USB 3.0 ports? You need one of these great hubs.
USB hubs increase the number of devices you can connect to your PC, so you can escape the anxiety of having to decide what to unplug next. These are the best USB 3.0 hubs available.