Intel confirms Foreshadow vulnerability in its processor chips


Computing giant Intel has confirmed a new vulnerability in its processor chips, the third major flaw to be confirmed this year.

Nicknamed Foreshadow, the flaw is said to be similar to the Meltdown and Spectre vulnerabilities uncovered in January that affected millions of computers and could be used to access personal information.

Intel confimed it has already released a patch to fix the issue.

Foreshadow is said to affect processors from 2015 onwards, and Intel has posted a list of affected hardware on its website.

(Lewis Whyld/PA)
(Lewis Whyld/PA)

The company's head of product assurance and security, Leslie Culbertson, said Intel did not believe the flaw had been used to hack any personal information but encouraged people and businesses to download any security updates they receive.

"We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," she said.

"This includes keeping systems up to date and taking steps to prevent malware."

The new vulnerability was discovered and reported by a group of researchers led by a team from KU Leuven University in Belgium.

Similarly to the Spectre and Meltdown flaws reported in January, the researchers said Foreshadow exploits a function called speculative execution - which is normally used to optimise computer performance - to access sensitive information on a system's memory that would normally be out of reach, including passwords and other data.

Intel has said that as well as issuing patches, it is changing the hardware design of its processors to prevent any vulnerability to the existing flaws.