“Intel is quietly advising some customers to hold off installing patches that address new security flaws affecting virtually all of its processors,” Robert McMillan reports for The Wall Street Journal. “It turns out the patches had bugs of their own. The glitch underscores the complexity of Intel’s challenge as it scrambles to fix the unprecedented vulnerabilities, which were disclosed more than a week ago.”
“In a confidential document shared with some customers Wednesday and reviewed by The Wall Street Journal, Intel said it identified three issues in updates released over the past week for ‘microcode,’ or firmware — software that is installed directly on the processor,” McMillan reports. “The document is being shared with computer makers and large cloud providers after a few reports that the updates appeared to cause some computers to reboot, said Stephen Smith, general manager of Intel’s data-center group. The bugs are ‘unrelated to security,’ he said, adding they affect a range of Intel’s older PC and server chips, including Broadwell processors introduced in 2015 and Haswell chips that date back to 2013.”
“Intel, which dominates the market for PC and server chips, said last week it expected to soon have microcode updates issued for 90% of the processors it produced during the past five years,” McMillan reports. “The fixes for these problems, however, have caused some performance slowdowns, particularly on older Intel systems.”
Read more in the full article here.
MacDailyNews Take: To find out the extent to which performance is negatively impacted by these bandaids, we await research from independent parties.
CERT: The only way to fix the Meltdown and Spectre vulnerabilities is to replace the CPU. Intel et al. are going to try to sell us on a software bandaid instead of really fixing the problem properly. Watch and see. https://t.co/OeC2AoPdlK #Intel #AMD #ARM
— MacDailyNews (@MacDailyNews) January 4, 2018
SEE ALSO:
In wake of Spectre and Meltdown, Intel CEO offers open letter, looks to restore confidence in Intel CPU security – January 11, 2018
Apple releases iOS and macOS updates with a mitigation for Spectre CPU flaw – January 8, 2018
Meltdown and Spectre: What Apple users need to know – January 8, 2018
How Apple product users can protect themselves against Spectre and Meltdown CPU flaws – January 5, 2018
Intel’s CEO Brian Krzanich sold off the majority of his shares after finding out about the irreparable chip flaws – January 4, 2018
Apple: All Mac systems and iOS devices are affected by Meltdown and Spectre security flaws – January 4, 2018
CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU – January 4, 2018
Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk – January 4, 2018
Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw – January 3, 2018
Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018
This is a job for… Super Apple®!! To push ahead with their own processor, wha’, A something or other. I canno’ remember, y’all boys know…
The problem is enabled by unrestricted speculative execution. The fix is to disallow some use-cases. That will impose a speed penalty, whether the fix comes through software, firmware, or hardware.
New chips may hide the penalty by running the remaining operations faster, but it will still be there. Once most OS and application code has been recompiled to avoid dangerous code execution, the hit will be pretty minor.
I like how one random anecdotal report becomes “fact” in this tech world of ours. Why does this shit get published? Why can’t these fucking idiots wait to run some proper tests? I’d like to punch them all.
cause its the media, dude.
Its all about gettin the first clicks…fact checking comes later (if at all).
If only Tim Cook has been aware of this problem…