Security News > 2020 > August > Researchers Revive 'Foreshadow' Attack by Extending It Beyond L1 Cache
Researchers revealed late on Thursday that the mitigations and patches rolled out in 2018 for the Foreshadow vulnerabilities affecting Intel processors can fail to prevent attacks.
A team of researchers from the Graz University of Technology in Austria and the CISPA Helmholtz Center for Information Security have revived the Foreshadow attack and made some other interesting discoveries.
Specifically, they discovered that the Foreshadow attack can be extended beyond the L1 cache, which previously was believed to be impossible, and attacks can still work despite the existing mitigations.
This has allowed them to revive Foreshadow and demonstrate that attacks can still be launched on older kernels patched against Foreshadow and with all mitigations enabled.
The research paper also describes a browser-based attack that can be used to break the address space location randomization and kernel ASLR protections, which can be useful in an attack that requires exact address knowledge.