SgxPectre is the new vulnerability that affects Intel processors

Just a few weeks ago we reported on the massive vulnerability in Intel processors caused by the bugs Meltdown and Specter.

SgxPectre, SgxPectre is the new vulnerability that affects Intel processors, Optocrypto

SgxPectre is the new vulnerability that affects Intel processors

Now, a group of security researchers from the University of Ohio, United States, has discovered a variation of Specter, called SgxPectre. The SGX (Intel Software Guard eXtensions) is a technology for developers that gives the possibility to protect the code and its modification or disclosure of data. The Intel SGX allows executing code of an application within an Intel SGX enclave. That represent the execution areas protected in the memory.

How Intel Tackle that problem of SgxPectre

In the case of Meltdown, this bug could allow hackers to read all the information in the physical memory of users’ computers. So, granting them full access to their credentials and confidential information. For its part, Specter would allow applications in user mode to subtract data from other processes executed in the system. As well as enable extracting data from their process through the code.

However, neither Meltdown nor Specter allows hackers to steal data from SGX enclaves. Also, that occurs with the new SgxPectre, which exploits bugs in Intel’s CPU to reveal the content of this enclave. In this regard, experts say that almost any enclave program could be vulnerable to the SgxPectre attack.

However, these types of attacks could take advantage of specific code patterns in software libraries. That allows developers to incorporate support for SGX in their application. Basically, it is a new vulnerability of lateral channel cache against enclave programs.

Analysts at the University of Ohio said that their study was based on observing the patterns of execution of the repetitive code that is introduced in the enclaves by the software development kits, in addition to the variation associated with the size of the cache.

For its part, Intel expects to combat the new vulnerability SgxPectre with a security update that will be launched on March 16. In the case of developers, they must update their application using the new version of the SDK.