“A major security flaw discovered in Intel chips requires a software fix that could negatively impact the performance of your Mac,” Killian Bell writes for Cult of Mac. “The ‘design blunder’ affects all Intel chips produced in the last 10 years, according to one report.’
“A serious security flaw in all Intel chips produced over the last 10 years allows desktop programs to read parts of the protected kernel memory, according to a report from The Register. This can include data like passwords, login keys, and other sensitive information,” Bell writes. “This is incredibly worrying for all users who choose Intel. It affects those running Windows, Linux, and macOS.”
“The only fix for this problem is to isolate the kernel memory from user processes. This requires a practice called Kernel Page Table Isolation, which could cause a performance hit. Windows and Linux machines could suffer a 5- to 30-percent slowdown,” Bell writes. “It is not yet clear what the impact might be under macOS.”
Read more in the full article here.
“Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can’t address it,” John Leyden and Chris Williams report for The Register. “It has to be fixed in software at the OS level, or go buy a new processor without the design blunder… Your Intel-powered machine will run slower as a result.”
“At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs,” Leyden and Williams report. “At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory.”
“In an email to the Linux kernel mailing list over Christmas, AMD said it is not affected. The wording of that message, though, rather gives the game away as to what the underlying cockup is: ‘AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault,'” Leyden and Williams report. “A key word here is ‘speculative.’ Modern processors, like Intel’s, perform speculative execution. In order to keep their internal pipelines primed with instructions to obey, the CPU cores try their best to guess what code is going to be run next, fetch it, and execute it. It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel’s CPUs speculatively execute code potentially without performing security checks.”
Read more in the full article here.
MacDailyNews Take: Intel should pay dearly for this flaw.
MDN Take: Dead on!
I was a recipient of the flawed “can’t do math” replacement Pentium chip. At first, they wanted the user to justify need, which was not difficult to do if you showed you knew arithmetic, then they expanded to all. There was a big lesson then for how to act responsibly and they learned it.
A security issue of that magnitude requiring a performance hit like that? Wow! At least they told us!
Intel, I will be expecting my replacement i7-5960X in due course.
Apple, I will be bringing my $4K trashcan over for a CPU replacement.
so where are the acquisitions of slowing down CPUs, class action lawsuits, demands for free CPUs, public out-roar in tech media? Not even a freaking useless PR apology. What gives. Nobody cares, -30% is nothing. Even if you are a cloud provider and have to get 30% more CPU to keep your level of performance.
Nobody asks if Intel did a genius scam sales here – first knowingly sacrificing security for performance and secondly slowing down for the sake of security. Even the slowdown patch will be released by the third parties. Intel does not even need to waste money in writing that. Genius.
Of course we care about 30% that could kill or hurt my products which run on Xeon servers !
To be fair, Intel is very implicated with the 3rd parties for these kinds of patches and fixes.
Not only for this case. Every CPU is released with Errata, which are known bugs in the CPU design. For any errata that aren’t fixed by the time the CPU releases, the OS manufacturers have to work around them. Sometimes a CPU microcode update can fix errata, resulting in a BIOS update from server manufacturer. If you read the published Intel CPU errata, many of those bugs are worked around in the OS. The Meltdown and Spectre bugs are no different. There is supposed to be a microcode update for Spectre, that comes from Intel.
BTW, I think you are assuming they knowingly sacrificed security.. This appears to be a bug, not a deliberate design flaw. If not, it will be fun to watch how it plays out at Intel. Heads may roll.
Its worst… ARM have problem too:
https://translate.google.com/translate?sl=pl&tl=en&js=y&prev=_t&hl=pl&ie=UTF-8&u=https%3A%2F%2Fmojmac.pl%2F2018%2F01%2F03%2Fpowazny-blad-w-procesorach-intela-czyli-z-cyklu-a-nie-mowilem%2F&edit-text=
“MacDailyNews Take: Intel should pay dearly for this flaw.”
Pay the consumers, not the manufactures.
The Intel flaw has a software workaround. It impacts performance but it works.
The Apple processor (ARM) has no fix. How much will Apple pay?
A cockup? Really? Is this worse than, say, a fu*kup?
Couldn’t agree more with MacDaylyNews’ take. I just spent about US$4,000 to get a state of the art MacBook Pro. I am not willing to spend an equal amount a couple of months later just to fix Intel’s blunder.
Decisions about how iPhones work with worn-out batteries lead to billions of dollars in class-action lawsuits? What about the core way microprocessors work when they ALL slow down 30% because of a design flaw? Billions upon billions. Could drive Intel right out of business. Only problem is seating a jury with enough background experience to fully understand the flaw and its ramifications…. are there 12 people in any one county in the United States to fully grasp this?
As Intel has had a 75-80% PC marketshare for the last 10 years, this is not just an Apple issue, so the headline is a bit stupid. It will hit 75-80% of PCs, not just Macs.
Yeah, but everyone knows any news with Apple attached spreads further and faster.
1) This is a Mac site
2) Mac’s are known for performance more than other PC brands, whether justified or not (they aren’t always the fastest). These patches may not hit a DELL where it hurts, because it doesn’t hurt business computing workload like it hurts performance computing workloads.
Apple Macs gave up performance long ago. Macs cannot compete with the latest workstations from HP and Dell.
Fire Tim Cook!
I guess I have to use my AMD powered Mac to be safe. Oh wait… an exclusive deal with Intel means that there are not any Mac’s with AMD processors.
It would be nice if Apple, like other ‘PC’ manufacturers, would have systems based on Intel and AMD processors. Imagine seeing both the Intel and a AMD 16 core Threadripper CPU based iMac/iMac Pro computers.
“Its performance, particularly in content creation tasks and production workloads, wipes the floor with the Intel equivalent. Taken as a whole, there really is no competition—Threadripper is the High End Desktop (HEDT) platform to beat.” ~Ars Technica
Even AMD devices have the Spectre vulnerability.
OK, this problem includes all chips produced in the last ten years, but when was this problem first identified, by whom, and what was done then? In particular, when was Apple aware of this problem and what did Apple do to mitigate risks to users?
You can see the queue already for those disposed to wish to in finding a way of blaming Apple for this debacle. Predictable I guess.
Predictable, perhaps, but is it invalid to ask when they knew?
Doesn’t matter when they knew. These things are kept secret under embargo on purpose while Intel, OS makers and HW manufacturers scramble to fix the situation BEFORE it becomes public and for good reason.
I can agree with that is it were law. Is it?
Where do checks and balances come in? They must.
if it were law…
Seems like manufacturers were made aware mid to late last year. Apple worked with Intel since then to study, analyze and develop patches.
Another reason to get that iPad Pro?
The processor in the iPad Pro has the Spectre vulnerability and there is no software fix for that.
I certainly hope Intel will pay for a real hardware fix for all my Macs.
The various spy agencies have the means, the apportunity, and the impunity to access your computer during transport. Some of them have a staff of tech experts who can extract and modify any part of the computer, including its chips to alter them into a spy device. This flaw is simply another version of a back door, a secret access that the NSA and CIA have demanded for years. Intel and subsidiary chips such as the GPU may also have this spy feature. I hope that Apple is not knowingly in on it.
According to The Register, macOS 10.13.2 has already addressed the bug.
“Finally, macOS has been patched to counter the chip design blunder since version 10.13.2, according to operating system kernel expert Alex Ionescu. And it appears 64-bit ARM Linux kernels will also get a set of KAISER patches, completely splitting the kernel and user spaces, to block attempts to defeat KASLR. We’ll be following up this week.”
Source: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
Maybe its a feature not a flaw. A feature included to satisfy NSA.
Just sayin’.
Apple can’t move away from Intel fast enough for me. I can’t wait for the day that their homegrown processors will be powerful enough for a MacPro. For now, we can wait for that to happen in MacBooks and maybe even lower tier iMacs and MacBook Pro’s. When I still ran Windows(2005 and earlier), I built my own PC’s and always built on the AMD platform….glad they are okay. LOL
This flaw also evidently affects AMD and ARM based chips as well. Whose chips would you suggest Apple move to?
There are actually two flaws that have been identified.
1) Meltdown – only affects Intel chips but has a software workaround that impacts performance 5 to 30%.
2) Spectre – affects almost all chips (Intel, ARM, AMD). There is no fix for this.