"Description: Improper conditions check in voltage settings for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure via local access," Intel says.
Researchers at three universities in Europe discovered the vulnerability and named it Plundervolt. It works by leveraging the same kind of controls that someone might use to overclock a processor, except an attacker would be trying to cause errors by altering bits inside SGX, which would then compromise the data and allow it to be plundered once it exits SGX. They would also be under-volting the CPU to achieve their nefarious goals.
The researchers say this could be used to steal encryption keys or to compromise software that would otherwise be secure.
"Because SGX only encrypts the data when read from/written to memory (but not inside the CPU), SGX's memory protection does not prevent these errors (since the faulty values themselves are written to memory)."
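The reasoning in the quote above can be seen in a small model. This is an added example, not code from the researchers or Intel: protected memory is modelled as encrypt-plus-MAC with a toy cipher, and `fault_bit`, the function names and the sample operands are assumptions made for illustration. It shows a value corrupted during computation passing the memory integrity check, and a generic compute-twice check (not Intel's fix) catching it before the write.

```python
import hashlib
import hmac
import os

MEM_KEY = os.urandom(32)  # stands in for a CPU-held memory protection key (assumption)

def _pad(nonce):
    # Toy keystream for the model only; not SGX's real memory encryption.
    return hashlib.sha256(MEM_KEY + nonce).digest()[:16]

def seal(value):
    """Model a protected memory write: encrypt the value and attach a MAC."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(value.to_bytes(16, "big"), _pad(nonce)))
    blob = nonce + ct
    return blob, hmac.new(MEM_KEY, blob, hashlib.sha256).digest()

def unseal(blob, tag):
    """Model a protected memory read: verify the MAC, then decrypt."""
    expected = hmac.new(MEM_KEY, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("memory integrity check failed")
    nonce, ct = blob[:16], blob[16:]
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, _pad(nonce))), "big")

def multiply(a, b, fault_bit=None):
    """In-CPU multiply; fault_bit models one flipped result bit (constructed)."""
    result = a * b
    return result ^ (1 << fault_bit) if fault_bit is not None else result

def store_product(a, b, fault_bit=None):
    # The fault happens before sealing, so the MAC covers the wrong value.
    return seal(multiply(a, b, fault_bit))

def store_product_checked(a, b, fault_bit=None):
    """Compute twice and compare before writing.
    Assumption: the fault is transient and hits only the first run."""
    first = multiply(a, b, fault_bit)
    second = multiply(a, b)
    if first != second:
        raise RuntimeError("computation fault detected")
    return seal(first)

if __name__ == "__main__":
    a, b = 0xDEADBEEF, 0x1337  # constructed sample operands
    print(hex(unseal(*store_product(a, b))))               # correct product
    print(hex(unseal(*store_product(a, b, fault_bit=3))))  # wrong, yet verifies
```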
According to Oswald, Plundervolt is fairly safe, in that it does not over-volt the CPU and cause stability issues for the user—it's unlikely a system would crash if someone leveraged this vulnerability. That's also what makes it potentially dangerous (in theory, anyway), along with the fact that everything happens so fast, at least compared to attacks like Spectre and Meltdown.
Fortunately, this can't be leveraged remotely, meaning an attacker couldn't lure a user to a compromised website and then carry out the attack. Plundervolt runs from an app on an infected PC with root or admin privileges, and does not even work in virtualized environments. So even though it is a High level security flaw, the chances of this impacting a user are pretty small.
Nevertheless, Intel has issued microcode and BIOS updates to system manufacturers, which will then get doled out to the public.