Foreshadow Flaw Undermines Intel SGX

Foreshadow targets Intel's SGX on Core chips.

"Intel’s SGX blown wide open by, you guessed it, a speculative execution attack." As we expected:

"Speculative execution attacks truly are the gift that keeps on giving."

What's in store today? A new Meltdown-inspired attack on Intel's SGX, given the name Foreshadow by the researchers who found it. page

Foreshadow is a new speculative execution exploit targeting Intel's SGX on Core chips page

# The good news? Big parts are fixed already

ToDo: research the researchers.


**Intel** Protecting Our Customers Through the Lifecycle of Security Threats - *Details and Mitigation Information for L1 Terminal Fault* page


*A comment from Josh Feinblum (Digital Ocean), in response to a question about what mitigation they were taking.* > The mitigation pathways for this issue are reasonably public. We're not trying to hide anything - it was overly technical for the blog we were trying to put out. Microsoft's SR&D team did a wonderful job on this: https://blogs.technet.micro... > The most important mitigations include the deployment of microcode updates and modifications to our environment to ensure that a Droplet is not scheduled to a core that contains data from the hypervisor, or another Droplet.