Intel’s massive chip flaw could hit Mac where it hurts

“A major security flaw discovered in Intel chips requires a software fix that could negatively impact the performance of your Mac,” Killian Bell writes for Cult of Mac. “The ‘design blunder’ affects all Intel chips produced in the last 10 years, according to one report.’

“A serious security flaw in all Intel chips produced over the last 10 years allows desktop programs to read parts of the protected kernel memory, according to a report from The Register. This can include data like passwords, login keys, and other sensitive information,” Bell writes. “This is incredibly worrying for all users who choose Intel. It affects those running Windows, Linux, and macOS.”

“The only fix for this problem is to isolate the kernel memory from user processes. This requires a practice called Kernel Page Table Isolation, which could cause a performance hit. Windows and Linux machines could suffer a 5- to 30-percent slowdown,” Bell writes. “It is not yet clear what the impact might be under macOS.”

Read more in the full article here.

“Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can’t address it,” John Leyden and Chris Williams report for The Register. “It has to be fixed in software at the OS level, or go buy a new processor without the design blunder… Your Intel-powered machine will run slower as a result.”

“At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs,” Leyden and Williams report. “At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory.”

“In an email to the Linux kernel mailing list over Christmas, AMD said it is not affected. The wording of that message, though, rather gives the game away as to what the underlying cockup is: ‘AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault,'” Leyden and Williams report. “A key word here is ‘speculative.’ Modern processors, like Intel’s, perform speculative execution. In order to keep their internal pipelines primed with instructions to obey, the CPU cores try their best to guess what code is going to be run next, fetch it, and execute it. It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel’s CPUs speculatively execute code potentially without performing security checks.”

Read more in the full article here.

MacDailyNews Take: Intel should pay dearly for this flaw.

31 Comments

  1. MDN Take: Dead on!

    I was a recipient of the flawed “can’t do math” replacement Pentium chip. At first, they wanted the user to justify need, which was not difficult to do if you showed you knew arithmetic, then they expanded to all. There was a big lesson then for how to act responsibly and they learned it.

    A security issue of that magnitude requiring a performance hit like that? Wow! At least they told us!

    Intel, I will be expecting my replacement i7-5960X in due course.
    Apple, I will be bringing my $4K trashcan over for a CPU replacement.

    1. so where are the acquisitions of slowing down CPUs, class action lawsuits, demands for free CPUs, public out-roar in tech media? Not even a freaking useless PR apology. What gives. Nobody cares, -30% is nothing. Even if you are a cloud provider and have to get 30% more CPU to keep your level of performance.
      Nobody asks if Intel did a genius scam sales here – first knowingly sacrificing security for performance and secondly slowing down for the sake of security. Even the slowdown patch will be released by the third parties. Intel does not even need to waste money in writing that. Genius.

      1. Of course we care about 30% that could kill or hurt my products which run on Xeon servers !
        To be fair, Intel is very implicated with the 3rd parties for these kinds of patches and fixes.
        Not only for this case. Every CPU is released with Errata, which are known bugs in the CPU design. For any errata that aren’t fixed by the time the CPU releases, the OS manufacturers have to work around them. Sometimes a CPU microcode update can fix errata, resulting in a BIOS update from server manufacturer. If you read the published Intel CPU errata, many of those bugs are worked around in the OS. The Meltdown and Spectre bugs are no different. There is supposed to be a microcode update for Spectre, that comes from Intel.
        BTW, I think you are assuming they knowingly sacrificed security.. This appears to be a bug, not a deliberate design flaw. If not, it will be fun to watch how it plays out at Intel. Heads may roll.

  2. Couldn’t agree more with MacDaylyNews’ take. I just spent about US$4,000 to get a state of the art MacBook Pro. I am not willing to spend an equal amount a couple of months later just to fix Intel’s blunder.

  3. Decisions about how iPhones work with worn-out batteries lead to billions of dollars in class-action lawsuits? What about the core way microprocessors work when they ALL slow down 30% because of a design flaw? Billions upon billions. Could drive Intel right out of business. Only problem is seating a jury with enough background experience to fully understand the flaw and its ramifications…. are there 12 people in any one county in the United States to fully grasp this?

    1. 1) This is a Mac site
      2) Mac’s are known for performance more than other PC brands, whether justified or not (they aren’t always the fastest). These patches may not hit a DELL where it hurts, because it doesn’t hurt business computing workload like it hurts performance computing workloads.

  4. I guess I have to use my AMD powered Mac to be safe. Oh wait… an exclusive deal with Intel means that there are not any Mac’s with AMD processors.

    It would be nice if Apple, like other ‘PC’ manufacturers, would have systems based on Intel and AMD processors. Imagine seeing both the Intel and a AMD 16 core Threadripper CPU based iMac/iMac Pro computers.

    “Its performance, particularly in content creation tasks and production workloads, wipes the floor with the Intel equivalent. Taken as a whole, there really is no competition—Threadripper is the High End Desktop (HEDT) platform to beat.” ~Ars Technica

  5. OK, this problem includes all chips produced in the last ten years, but when was this problem first identified, by whom, and what was done then? In particular, when was Apple aware of this problem and what did Apple do to mitigate risks to users?

        1. Doesn’t matter when they knew. These things are kept secret under embargo on purpose while Intel, OS makers and HW manufacturers scramble to fix the situation BEFORE it becomes public and for good reason.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.