“A function of Intel’s processors dealing with speculative execution has another vulnerability that affects all Intel-based computers including Apple’s Mac, researchers have revealed, with ‘Spoiler’ potentially allowing an attacker the ability to view the layout of memory, and in turn potentially access sensitive data stored in those location,” Malcolm Owen reports for AppleInsider.
“The technique is able to determine how virtual and physical memory is related to each other, by measuring the timing of speculative load and store operations performed by the processor, reports The Register,” Owen reports. “By spotting discrepancies in the timing, it is possible for an attacker to determine the memory layout, and in turn know areas to attack.”
“‘There is no software mitigation that can completely erase this problem,’ according to the researchers. While the chip architecture could be fixed, it would considerably cut into the chip’s performance,” Owen reports. “As it is an issue that affects all Intel Core processors from the first generation onwards to the most recent releases, regardless of operating system, it is almost certain that all Macs are susceptible to attacks that take advantage of the vulnerability. It is unclear if Apple has specifically responded to the issue due to it potentially affecting its macOS-running products. The researchers note that ARM and AMD processor cores do not exhibit the same behavior, which means iPhones and iPads are safe from such attacks. ”
Read more in the full article here.
MacDailyNews Take: Yet another reason to dump Intel’s defective garbage in Macs and move to vasty more efficient, secure Apple-designed solutions.
• I’ve always wanted to own and control the primary technology in everything we do. — Steve Jobs, October 12, 2004
• In order to build the best products, you have to own the primary technologies. Steve felt that if Apple could do that — make great products and great tools for people — they in turn would do great things. He felt strongly that this would be his contribution to the world at large. We still very much believe that. That’s still the core of this company. — Apple CEO Tim Cook, March 18, 2015
When a companies sell defective wares, as Intel has, they are hit with class action lawsuits, as Intel has been, and rightfully so. If the result causes the companies to go bankrupt because their incompetence compromised the security and performance of untold millions of products, so be it. Such a result would be deserved. — MacDailyNews, May 22, 2018
When flawed, insecure, and therefore defective products are sold to consumers, recalls and/or recompense are the proper responses. — MacDailyNews, January 4, 2018
CERT: The only way to fix the Meltdown and Spectre vulnerabilities is to replace the CPU. Intel et al. are going to try to sell us on a software bandaid instead of really fixing the problem properly. Watch and see. https://t.co/OeC2AoPdlK #Intel #AMD #ARM
— MacDailyNews (@MacDailyNews) January 4, 2018
Intel discloses new ‘Variant 3a’ and ‘Variant 4’ Spectre-like chip flaw vulnerabilities – May 22, 2018
Intel’s Spectre patch is causing reboot problems – January 12, 2018
In wake of Spectre and Meltdown, Intel CEO offers open letter, looks to restore confidence in Intel CPU security – January 11, 2018
Apple releases iOS and macOS updates with a mitigation for Spectre CPU flaw – January 8, 2018
Meltdown and Spectre: What Apple users need to know – January 8, 2018
How Apple product users can protect themselves against Spectre and Meltdown CPU flaws – January 5, 2018
Intel’s CEO Brian Krzanich sold off the majority of his shares after finding out about the irreparable chip flaws – January 4, 2018
Apple: All Mac systems and iOS devices are affected by Meltdown and Spectre security flaws – January 4, 2018
CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU – January 4, 2018
Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk – January 4, 2018
Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw – January 3, 2018
Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018