Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw

“After a public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system,” Mike Wuerthele reports for AppleInsider. “But Apple appears to have at least partially fixed the problem with December’s macOS 10.13.2 —and more fixes appear to be coming in 10.13.3.”

“Multiple sources within Apple not authorized to speak on behalf of the company have confirmed to AppleInsider that there are routines in 10.13.2 to secure the flaw that could grant applications access to protected kernel memory data,” Wuerthele reports. “These measures, coupled with existing programming requirements about kernel memory that Apple implemented over a decade appear to have mitigated most, if not all, of the security concerns associated with the flaw publicized on Tuesday.”

Wuerthele reports, “Further confirming the fixes, developer Alex Ionescu has further identified the code that fixed the issue, and is calling it the ‘Double Map.'”

AppleInsider is in the midst of comparative speed testing on a 2017 MacBook Pro,” Wuerthele reports. “Early indications are that there are no notable slowdowns between a system running macOS High Sierra 10.13.1 and 10.13.2.”

Read more in the full article here.

MacDailyNews Take: More proof that relying on one vendor for a component as important as the CPU, the poster child for “primary technology,” is lunacy.

I’ve always wanted to own and control the primary technology in everything we do.Steve Jobs, October 12, 2004

In order to build the best products, you have to own the primary technologies. Steve felt that if Apple could do that — make great products and great tools for people — they in turn would do great things. He felt strongly that this would be his contribution to the world at large. We still very much believe that. That’s still the core of this company.Apple CEO Tim Cook, March 18, 2015

Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018
Project Marzipan: Can Apple succeed where Microsoft failed? – December 21, 2017
Apple is working to unite iOS and macOS; will they standardize their chip platform next? – December 21, 2017
Why Apple would want to unify iOS and Mac apps in 2018 – December 20, 2017
Apple to provide tool for developers build cross-platform apps that run on iOS and macOS in 2018 – December 20, 2017
The once and future OS for Apple – December 8, 2017
On the future of Apple’s Macintosh – February 6, 2017
Tim Bajarin: I see Apple moving many users to an iOS-based mobile device over the next 3-4 years – November 7, 2016


  1. Intel has a bigger problem than the “division issue” provide. Today the internet is far more powerful in reaching consumers and demands for cures to the problem are going to present heavy demands on Intel. Reality is that Intel does not have the production compact to replace all processors That might mean Intel filing bankruptcy to ease the issues.

    Of course there will be a large number of class action suits on this – lawyers around the world are gearing up as we read the initial reports.

    As far as Apple goes, they will have a desktop/notebook A Series processor in the works for some future point. That might be released sooner if Intel locks up on R&D and shipping new, more powerful processors. It all depends on it the Giant has been castrated.

    1. Yes. This bug in Intel processors is a very big issue. It may well, as you say, be a bigger issue than the floating point issue of yore.

      However, think about it for a moment. The bug has existed, by some accounts, for 15 years. It has taken that long for bug finders to actually figure it out and expose it. It is NOT something that was trivial to find. Thinking that Intel is going file bankruptcy over this issue due to various legal actions is truly asinine.

      With it taking 15 years for others to find the bug, it is *extremely* difficult for anyone to argue that Intel should have known it was there. If someone had stumbled upon it 10 years ago and Intel had intentionally ignored it, then Intel would have a problem. If this had been found weeks after the last generation of chips started shipping and it was only in the last generation, we could all say that Intel should have tested them better — and Intel might have a problem.

      However, this was, and is, a nasty bug that was well hidden and burrowed deep into the general architecture at a fundamental level that Intel didn’t change for many, many years.

      A question to you… “How has this bug directly, negatively affected you for the past 15 years?”

        1. Apparently no slowdown.

          Geekbench 3.3.2
          Hexacore Mac Pro (2013)

          single multi
          32 bit 3127 18019
          64 bit 3513 20375

          single multi
          32 bit 3258 18240
          64 bit 3571 20338

          single multi
          32 bit 3291 18569
          64 bit 3529 20001

          So good news.

  2. It certainly could well push a whole range of software houses moving their plans up a notch or two towards the idea of creating Arm compatible full competitive versions of their products seeing in this a far greater potential future movement towards Arm architecture as processors become increasingly capable and the captive Intel client base becomes far less captive further and further up the power scale. Never would have seen that possibility in any foreseeable future a few years back.

    1. I guess you’re not aware of the fact that ARM processors use many of the same techniques that Intel processors do that cause this issue. I haven’t heard any confirmed reports of the issue showing up in ARM processors, but I do know two things: 1) people are looking into ARM, and 2) there are people developing Linux patches to get around the bug if it exists.

      So… because ARM uses many of the same techniques at issue with the Intel processors, there are many people assuming it’s in ARM too. They think they just need to find it and confirm it.

      1. There are two exploits called Meltdown and Spectre. Meltdown affects Intel, while Spectre affects ARM, but they both exploit a similar flaw in their respective CPUs.

        The basic principle is that both CPU families achieve speed advantages by speculative execution. The CPU thinks ahead and executes instructions which the CPU thinks it’s likely to receive and store that data ready for use in a high speed cache. If it guesses right, then it’s ahead of the game, while if it guesses the wrong instruction, it merely has to go back and perform the requested instruction. For both Intel and ARM, the exploits work by tricking the CPU into allowing unauthorised access to the data cached within the CPU by those speculatively executed instructions.

        There seems to be more detail available concerning Meltdown ( Intel ) than Spectre ( ARM ).

  3. Nice to see Apple ahead instead of playing catch up on a security flaw. If this impacts all Intel HW and Apple can handle a SW fix w/o a blow to speed, it will be a major marketing advantage for Enterprise- especially servers.

    Oh that’s right, Apple killed Server HW and OS because they are more interested in anything but a Mac under Tim Cook. That thing in the app store is a toy.

    1. No, moron/chronic whiner, Apple’s server hardware was discontinued while Steve was running the company.

      If you need to make up crap for the mere purpose of complaining, you should look in the mirror. Look hard.

      1. The Xserve was discontinued under Steve Jobs. However, even before the Xserve was discontinued fully it was replaced by the Mac Pro Server. So dedicated server hardware configurations and reasonably complete server OSes were still available from Apple after Steve Jobs died.

        The Mac Pro Sever was discontinued in late 2013, about two years into Tim Cook’s tenure. Further, the server software patches available for the current “Mac Pro” are effectively a bunch of patches to the standard macOS rather than a true server OS. This transition of the server OS happened under Tim Cook too.

    1. Yep. It affects the entire 15 years of production. The partial patch is currently only available for 10.3.3. Hopefully Apple will release a patch that covers the older hardware.

    1. Both 10.11 and 10.12 both appear to have also been patched back on Dec 6. A new entry was added that indicates the 2017-002 update for 10.12 and the 2017-005 updates for 10.11 (along with 10.13.2 for high sierra) all fix the Meltdown vulnerability (CVE-2017-5754).

      NONE of the entries list any fixes for the other two Spectre vulnerabilities — CVE-2017-5753 or CVE-2017-5715. There have been no other new security updates listed on the Apple support site.

      Reference (all Apple security updates) —
      Reference (with fixes listed for CVE-2017-5754) —
      Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6

      Entry added January 4, 2018”

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.