August 16, 2018
Foreshadow: What to Do About Intel’s Latest Security Vulnerability
Another day, another data breach. Intel has just discovered a new vulnerability in its processors, which puts desktop and laptop users at risk. Aptly named “Foreshadow,” this vulnerability was discovered before the data of millions could be stolen…but the threat isn’t over yet.
Spectre 2.0? Not Quite.
Foreshadow, with the more technical term L1TF, is being compared to Spectre, an unprecedented security vulnerability that was discovered early in 2018. Like Spectre, Foreshadow is a vulnerability in the CPU, or computer processor, of your hardware. In other words, the computer’s chip.
However, while previous hacks exposed older hardware, Foreshadow has found a vulnerability in newer hardware. Most modern chips have what is called SGX, or Software Guard Extensions. While these extensions are supposed to protect your data, Foreshadow has found a way to circumvent them and access data from computers and virtual machines on the cloud.
There are three types of Foreshadow vulnerabilities in total: One that affects the SGX, one that affects the operating system, and a smaller one that affects mostly data centers.
What You Can Do
When new vulnerabilities are discovered, companies like Intel scramble to release updates, or “patches,” to their hardware. These updates contain fixes that help secure users against vulnerabilities. Don’t hesitate. Make these software updates immediately. Then, continue to make updates when prompted. While it’s too easy to click that “Update Later” button, doing that only increases your chances of being hacked.
While Intel has released updates to its processors that you can install now, other companies are taking protective steps, too.
- Microsoft: Microsoft recently released a fix to all Windows clients.
Oracle: Linux customers, including cloud customers, are encouraged to run the latest updates available to them.
Google: Cloud platform users are the ones most affected. Google Cloud has automatically updated its systems. However, any App Engine users may have to follow a few extra steps.
Amazon Web Services: AWS has automatically updated its systems, too. However, any Amazon Linux users should install the company’s latest update.
It’s important to note that your performance may be impacted while your computers are undergoing these updates. However, a few minutes of inconvenience are worth it when you consider the dangerous implications of stolen data.
While Foreshadow has had no “real-world exploit,” it’s understandable to be concerned about your data. Data security should always be top on your list. if you’re worried about how data breaches and vulnerabilities may affect your business, contact our small business IT support team. They’ll help you develop a plan to keep your technology, your customers, and your business safe.