Roi Panai, Senior Engineering Manager for Research at Mimecast and Director of Research at Solebit:
“The rising number of hardware vulnerabilities should concern us, the defenders, since these kind of exploits are much more difficult to patch and thus very difficult to be protected.
Following other Intel CPU vulnerabilities such as “Melt-Down”, Foreshadow proves that protecting an essential data (i.e. kernel space) with strong confidentiality and integrity security methods is not enough.
The attack exploits instructions execution cache methods designed for processing optimization in order to extract information from privileged locations using different methods (i.e. covert-channel). Together with “Foreshadow-NG” variations, these kind of attacks proved to be very effective against “isolated” sections by exposing cached physical memory data which is widely used by virtual entities for example, giving the attacker full information about running virtual machines which was considered to be unreachable before.
Some strong and important modules, such as optimization processes, may compromise other security methods leaving some holes for attackers to be exploited, thus proving that the trade-off between security and advanced processing might be dangerous.”