The “Spectre” vulnerability that impacts literally every Intel chip made over the last decade keeps finding new ways to make the news. In this instance, researchers at Ohio State University have discovered a new variant of the vulnerability that they have dubbed “SGX Spectre.” To understand how it’s different, a bit of explanation is in order.
SGX stands for “Software Guard eXtensions,” and is a feature only found in the latest Intel processors. It allows applications to create “data enclaves,” which are hardware-isolated portions of a CPU’s processing memory. The purpose of such enclaves is to give applications a secure space to run operations that deal with especially sensitive data, like passwords and encryption keys.
The original Spectre and Meltdown vulnerabilities were unable to extract any data from SGX enclaves, but SGX Spectre can. Even worse, the recent Spectre patches will do nothing to prevent it.
Intel has announced that on March 16, it will release an update for its SGX SDK that adds SGX Spectre mitigations. App developers will need to integrate the update into their SGX-capable apps and issues an update to all users.
The research team had this to say about the recent discovery:
“SgxPectre Attacks can completely compromise the confidentiality of SGX enclaves. Because vulnerable code patterns exist…and are difficult to be eliminated, the adversary could perform SgxPectre Attacks against any enclave programs.
Because there are vulnerable code patterns inside the SDK runtime libraries, any code developed with Intel’s official SGX SDK will be impacted by the attacks. It doesn’t matter how the enclave program is implemented.”
In addition to the discovery of SGX Spectre, the research team discovered new variations of the original security flaws, which they have dubbed MeltdownPrime and SpectrePrime, respectively. Needless to say, more patches will be forthcoming. For more information on MeltdownPrime and SpectrePrime, read this paper.