Foreshadow, Why It’s Way Worse Than Meltdown and Spectre

Now that we have your attention, the next question is often “What is the difference between Spectre, Meltdown, and Foreshadow?” Putting it simply, Spectre and Meltdown trick programs to access specific sectors of memory through speculative execution (in the case of Spectre, the memory areas accessed are specific to the targeted program, while Meltdown targets privileged memory). The malware forces a branch prediction that loads desired data into memory, after which the desired contents are accessed by the malware. Meltdown is specific to Intel CPUs, IBM Power CPUs, and some ARM-based microprocessors, while Spectre vulnerabilities can be utilized across any processors utilizing speculative execution.

Foreshadow takes the concepts embodied in Spectre and Meltdown but applies them to the processor’s L1 cache. This allows Foreshadow (also known as the “L1 Terminal Fault”) to attack Security Guard Extension (SGX) enclaves in Intel processors, as well as the memory of virtual machines, hypervisors, operating system kernels, and CPU system management mode (SMM) memory, creating huge vulnerabilities in computers that these concepts were designed to prevent. Like workarounds for Spectre and Meltdown, Foreshadow workarounds have significant impacts on system performance. While there have been no documented cases of attacks based on Foreshadow, it is important to note that any Foreshadow-based attack would be very stealthy, and it may be impossible to determine that it occurred. When this stealthiness is combined with the criticality of the data that can be accessed, it is easy to see why Foreshadow is potentially the most insidious of these CPU vulnerabilities.