Now we've got Foreshadow, which can grab protected information even under virtual machine and hypervisor situations. (That is a good overview paper, but you can also get some random discussion from Twitter.)
VMWare poke one of my admins this morning with just such a warning or to be more succinct a corporate CYA moment.
Since following this vulnerability since last week and see the natural progression from theory to NMap to some exploit code but nothing wide spread yet or is this actually being exploited under our noses without notice?
Thus far it appears that you'd have to be near the hypervisor itself while reading a vulnerable machine through a tunnel while conversing with a free range unicorn under cover of darkness.
Thus far I am not seeing the opportunity to win this trifecta several times in a row or at least in this environment.
Could someone give me a reasonable scenario or example of exploitation, please?
> Beads (Contributor II) posted a new reply in Industry News on 08-20-2018 04:42
> Since following this vulnerability since > last week and see the natural progression from theory to NMap to some exploit > code but nothing wide spread yet or is this actually being exploited under our > noses without notice?
Nope, no exploit yet.
Yeah, I figure you're right: it'd be pretty specialized. However, it does indicate how bad and complicated the race condition problems are, and that it needs ot be fixed.
I remember reviewing a book on optimization, with a great quote on the topic: "Optimizations always bust things, because all optimizations are, in the long haul, a form of cheating, and cheaters eventually get caught." - Larry Wall