"Intel Processors Are Still Vulnerable to Attack"
Over the past couple of years, security researchers have disclosed attacks, including Plundervolt, Zombieload, and Foreshadow, that could be executed through the exploitation of vulnerabilities in Intel processors. Although Intel has issued patches to address the vulnerabilities discovered by researchers, they are not enough to prevent a new attack developed by computer scientists at KU Leuven, called Load Value Injection (LVI). The LVI attack technique involves the exploitation of a vulnerability in the Software Gaurd Extension (SGE) enclaves. SGE uses isolation methods to protect code and data from being modified and exposed. The vulnerability allows an attacker to inject their data into a software program running on a victim's computer so that they could hijack the program and obtain sensitive data from the victim, such as passwords. This article continues to discuss the new LVI attack demonstrated against Intel processors, how Intel addressed the discovery of this attack, and other security flaws in Intel processors exposed by researchers at KU Leuven, as well as the concept behind SGX enclaves and how the LVI attack differs from previously discovered attacks.
KU Leuven reports "Intel Processors Are Still Vulnerable to Attack"