Last week, Microsoft and Intel came together in their bid to finally launch individual updates that were mutually compatible in order to tackle the Spectre virus that had been plaguing users worldwide. The updates were meant to stabilize the PC’s that had been affected by the issue, which had led to complaints in performance drops, overheating and lag. Though Microsoft took nearly two months to properly respond to the complaints and Intel had to roll back an earlier upgrade that it had offered to solve the problem, it seemed the worse was behind us. That was a false assumption, as it has now emerged that a new form of the Spectre virus has users both worried and angered.
The virus was discovered by a group of six scientists working at Ohio State University. The reason for this variation in the name is due to this virus’s tendency to extract information from the Intel SGX enclaves.
The SGX stands for “Software Guard eXtensions”. It is a unique feature of modern Intel processors that enable applications to create enclaves within the processor. These enclaves are basically the hardware-isolated section of the processing memory within the CPU. The reason these enclaves exist is because it makes it easier for the applications in question to store, recover and access sensitive information such as encryption keys, passwords, user data and more. This also assists the auto fill and “Always remember” options as it allows such information to be readily available on the physical memory without requiring continuous access to the enclaves where it is mainly stored.
Last week’s Meltdown and Spectre attacks exposed the fact that attackers have been able to break the isolation between the OS and apps as well as the cross-app isolation which has allowed extraction of sensitive information from OS kernel and other apps.
Despite such excessive break-ins, none of the two attacks had been able to access the SGX enclaves, until the SgxSpectre became involved. SgxSpectre functions in this case by preying on the specific code patterns that software libraries have, that allow developers to add SGX support to their apps. A wonderful idea has been turned on its head to extract sensitive information.
The academics that discovered the virus have further claimed that SgxSpectre attacks can be used on almost all applications as they contain vulnerable code patterns as well.
Aside fromSgxSpectre, two other variations were also found of last week’s Meltdown and Spectre; MeltdownPrime and SpectrePrime.