Cyber-security researchers at Ohio State University have discovered a means of using the Spectre CPU vulnerability to read memory in Intel’s SGX (Software Guard Extensions) technology.
SGX is intended to provide custom protected areas of execution called “enclaves” to protect select code from being exposed even if other system elements have been compromised. The Intel security tech is marketed as a way to add an additional layer of partitioning of memory space to store digital keys, biometric tokens, passwords and other sensitive data.
The researchers noted that while their exploit, tagged SgxPectre, allows the protected areas of SGX memory to be accessed, this specific attack requires local physical access to the machine, significantly lowering the attack surface available, and eliminating concern for Internet-based attacks.
On the bright side Intel have announced they expect the issue to be completely resolved in software, and expect to have a patch released by March 16, 2018.