Target: Intel SGX
Attack Vector: Repetitive code execution patterns
Summary: A new variation of the Spectre attack named SgxSpectre that can extract information from Intel SGX enclaves has been revealed this week. The new variant can allow an attacker to completely compromise the confidentiality of SGX enclaves and learn the content of the enclaves memory.
Risk assessment summary: The threat is assessed as 3e MODERATE and the likelihood has been rated as POSSIBLE. If successful, attackers can potentially compromise the confidentiality of SGX enclaves and retract sensitive information held in the enclaves. Although the original variants of Spectre have been mitigated the new variant is not expecting mitigations until 16th March 2018 so companies are still at risk of exposure.