Intel said software updates are already available and it did not appear anyone had taken advantage of the “Foreshadow” vulnerability, which has been likened to troubling “Meltdown” and “Spectre” flaws exposed in computer chips early this year.
“If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices,” Intel said on its website.
“Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods,” it said.
The “Meltdown” and “Spectre” flaws roiled the Silicon Valley chip maker, prompting a series of lawsuits and a congressional inquiry about Intel’s handling of the matter
“We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices,” Intel executive vice president and general manager of product assurance and security said of “Foreshadow” in a post on Intel’s website.
“Once systems are updated, we expect the risk to consumer and enterprise users running non-virtualized operating systems will be low.” DM