With the release of Spectre and Meltdown, the floodgates have opened. Since the reveal of the two speculative exploits last year, more bugs have come out of the woodwork. One recent release was a variant of Spectre targettable over networks. Today, we have a new bug that hits Intel right in the jaw. Dubbed Foreshadow by researchers, the new exploit targets the supposedly secure SGX function on Intel CPUs.

SGX or Software Guard eXtensions is a new feature Intel introduced with Skylake and Kaby Lake. SGX allows the creation of Trusted Execution Environments or TEEs. These TTEs are created using SGX to create a secure enclave. Due to this secure enclave, blocks of memory or code is supposed to be protected from everything. Furthermore, this includes protection from a hostile kernel, hypervisor or operating system. Foreshadow circumvents this and ploughs right on through into the secure enclave. This feature is great for cloud virtual machines because it protects against hostile hosts and neighbours.