Apple Confirms 'Meltdown' and 'Spectre' Vulnerabilities Impact All Macs and iOS Devices, Some Fixes Already Released [Updated]

[JPack]

Everything I have read has stated that Meltdown is thought to only impact Intel chips as it is the only platform they've been able to observe the possible exploit on so far. That doesn't automatically give other processors a clean bill of health. All these processors do speculative processing, and Apple very well could have R&Ded (ripped of and duplicated) Intel's implementation for their custom A-series chips. Or there could be another avenue not yet discovered that is vulnerable to a similar attack.

Apple licenses ARM architectures. They didn't reinvent the wheel. Given ARM was affected, it was almost guaranteed Apple would be affected. We now know with 100% certainty Apple is affected.
[doublepost=1515115560][/doublepost]

Do they conform to the x86-64 spec? If they don't, they aren't impacted.

BL.

You obviously don't know what you're talking about.

Any processor that uses out-of-order with a high degree of speculation may be affected.

Apple has just confirmed their processors are affected.
https://support.apple.com/en-us/HT208394

 

[bradl]

Apple licenses ARM architectures. They didn't reinvent the wheel. Given ARM was affected, it was almost guaranteed Apple would be affected. We now know with 100% certainty Apple is affected.
[doublepost=1515115560][/doublepost]

You obviously don't know what you're talking about.

Just corrected my post. I thought he was referring to Spectre, not Meltdown.

And being a Linux Sysadmin for the past 25 years, you're not one to judge.

BL.

 

[crazy dave]

Do they conform to the x86-64 spec? If they don't, they aren't impacted.

BL.

I don't think it's necessary to conform to the entire spec for meltdown ... just the cache timing side channel mechanism

https://developer.arm.com/support/security-update

EDIT: Saw you edited your post, you may ignore mine

 

[Danbrown521]

Sorry.. need to delete

 

[bradl]

What was it?

From The Register:

The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI.

Read the rest of that paragraph, and acronym the name of the patch, and you'll see what they mean.

BL.

 

[iSee]

Does it only affect Intel processors?
Spectre affects all modern processors, including those designed by Intel, AMD and ARM, but Meltdown is currently thought only to affect Intel chips manufactured since 1995, with the exception of the Itanium and Atom chips made before 2013.

https://www.theguardian.com/technol...uter-processor-intel-security-flaws-explainer

Despite the early reporting, it appears that Meltdown does affect some ARM processors (apparently, including Apple's variants).

Here's ARM's own statement on this:
https://developer.arm.com/support/security-update
inclding a list of which processors are affecting by which vulnerability.

 

[curmudgeonette]

I don't think it's necessary to conform to the entire spec for meltdown ... just the cache timing side channel mechanism

The cache timing side channel mechanism is how the speculatively executed code communicates its probing back to the main code. It is not the bug. The bug is that reading protected memory still loads a value into the CPU and makes it available for further speculatively executed code.

 

[z970]

From The Register:



Read the rest of that paragraph, and acronym the name of the patch, and you'll see what they mean.

BL.

Jeez.

Let's all switch to AMD.

 

[cube]

Those just happen to be the biggest 3, but you can pretty much bet that any CPU that uses speculative execution logic is vulnerable.

I am not convinced by your jumping to that conclusion.

 

[crazy dave]

The cache timing side channel mechanism is how the speculatively executed code communicates its probing back to the main code. It is not the bug. The bug is that reading protected memory still loads a value into the CPU and makes it available for further speculatively executed code.

I'm just going based on this:

"Cache timing side-channels are a well-understood concept in the area of security research and therefore not a new finding. However, this side-channel mechanism could enable someone to potentially extract some information that otherwise would not be accessible to software from processors that are performing as designed. This is the issue addressed here and in the Cache Speculation Side-channels whitepaper."

https://developer.arm.com/support/security-update

I admit I am far, far, far from an expert. So if you are I'll defer. But it seems like the cache timing mechanism is what allows the extracting of information. How I understand it is that by querying the cache and recording the timings of the responses, you can get at what the information is. I've probably jumbled that up, but my impression was that the cache timing was intimately linked to extraction of information. Obviously the branch prediction is as well.

(Besides the main point of that post was a response that Meltdown had nought to do with x86-64 intrinsically, which the poster bradl agreed with, he just thought we were discussing Spectre)

 

[garirry]

Lol, am wondering how much the latest xbox and ps4 consoles will take a performance hit if they decide to patch those

Not only has it been demonstrated that there was basically no reduction in gaming performance (on PC) with the patch, but those consoles are closed system so exploits are not practical.

 

[JPack]

I am not convinced by your jumping to that conclusion.

You don't need to be convinced.

Apple has already admitted their application processors are affected by Meltdown and Spectre.

 

[cube]

You don't need to be convinced.

Apple has already admitted their application processors are affected by Meltdown and Spectre.

I am not sure Apple actually meant pre-Intel Macs.

And those are not the only modern CPU architectures in existance.

 

[longofest]

What was it?

No they're referring to Meltdown.

Meltdown
"The researchers say they haven't been able to perform the same kind of kernel memory-based speculation on AMD or ARM processors, though they hold out some hope that some way of using this speculation offensively will be developed. While AMD has stated specifically that its chips don't speculate around kernel addresses in this way, ARM has said that some of its designs may be vulnerable, and ARM employees have contributed patches to Linux to protect against Meltdown."

https://arstechnica.com/gadgets/201...odern-processor-has-unfixable-security-flaws/

https://developer.arm.com/support/security-update

========================

And it seems Apple implemented hardware vulnerable to it as well. It may not be vulnerable in the same way, but they still felt it necessary to issue patches because it could still be vulnerable.

https://support.apple.com/en-us/HT208394

Yup... you're right. Thanks.

 

[oldmacs]

They should be releasing this for Lion and El Capitan as well as iOS 9 and 10.

 

[crazy dave]

Yup... you're right. Thanks.

No worries, it's such a cluster*** of a problem that it is hard to keep track of it all. I do believe Intel is the most affected - even beyond the number of chips, I get the impression that their implementation was the worst. But truly I don't know that. From what I've read it is unclear how many ARM/custom chips were actually tested and how exploitable they were compared to Intel.

I keep saying "impression" and "believe" because I'm not expert either, just trying to make sense of it.

 

[Tom Sawyer]

We are in a constant state of beta testing production "ready", publicly released hardware and software. Intel, AMD, Tesla, Samsung, Apple... it's all the same. Get it to retail as quickly as possible so we can make more money. Just part of the pillars of capitalism and our culture. Good times.

I could be wrong since PowerPC's are apparently susceptible as well, but I think this still goes back to the departure from RISC based architecture to CISC. Perhaps not directly related, but certainly a product of taking the easy road instead of sticking to more elegant design at the microprocessor level and requiring more skilled and thought out code at the software layer. Again, just my opinion but as always, I would love to hear others thoughts on this.

 

[Act3]

Not only has it been demonstrated that there was basically no reduction in gaming performance (on PC) with the patch, but those consoles are closed system so exploits are not practical.

They aren’t closed systems. PS4 has a web browser.

 

[crazy dave]

We are in a constant state of beta testing production "ready", publicly released hardware and software. Intel, AMD, Tesla, Samsung, Apple... it's all the same. Get it to retail as quickly as possible so we can make more money. Just part of the pillars of capitalism and our culture. Good times.

I could be wrong since PowerPC's are apparently susceptible as well, but I think this still goes back to the departure from RISC based architecture to CISC. Perhaps not directly related, but certainly a product of taking the easy road instead of sticking to more elegant design at the microprocessor level and requiring more skilled and thought out code at the software layer. Again, just my opinion but as always, I would love to hear others thoughts on this.

I think pillars of capitalism etc .. are part of it, but not the whole story. Companies, for good reason, prioritized speed over security (that's the capitalism part). While there were a few voices who said the branch prediction hardware could be vulnerable, this is the first time (to public knowledge) that it's been shown it could be done. So I can understand why companies did it and this wasn't an overnight, rushed decision. But it is a (potentially massive) screwup and that we've been implementing it for so long without safeguards is worse than rushing out a beta product.

Branch prediction like Spectre (and super-agressive branch prediction like Meltdown) is separate from CISC/RISC. It's just heavy hardware optimization meant to squeeze every possible performance drop out of the silicon you have.

 

[cmaier]

I think pillars and capitalism etc .. are part of it, but not the whole story. Companies, for good reason, prioritized speed over security (that's the capitalism part). While there were a few voices who said the branch prediction hardware could be vulnerable, this is the first time (to public knowledge) that it's been shown it could be done. So I can understand why companies did it. But it is a (potentially massive) screwup.

Branch prediction like Spectre (and super-agressive branch prediction like Meltdown) is separate from CISC/RISC. It's just heavy optimization meant to squeeze every possible performance drop out of the silicon you have.

There are many side channel attacks that are known, and it’s impractical to protect against all of them; instead CPU designers focus on the ones where practical exploits have been demonstrated.

For example, it’s entirely possible to obtain secret information from a CPU by monitoring slight fluctuations on the CPU power rails. CPU designers have only bothered to address this for certain critical applications, since it’s hard to implement a generalized attack.

 

[crazy dave]

There are many side channel attacks that are known, and it’s impractical to protect against all of them; instead CPU designers focus on the ones where practical exploits have been demonstrated.

Yeah absolutely, I can understand that. I even agree with it. But when a problem like this does crop up on products that have been shipping for so long, it does make it that much harder to ensure the fix reaches everyone. The scale of the problem is that much worse. That's all I'm saying.

For example, it’s entirely possible to obtain secret information from a CPU by monitoring slight fluctuations on the CPU power rails. CPU designers have only bothered to address this for certain critical applications, since it’s hard to implement a generalized attack.

I did not know that about power rails .

 

[JPack]

No worries, it's such a cluster*** of a problem that it is hard to keep track of it all. I do believe Intel is the most affected - even beyond the number of chips, I get the impression that their implementation was the worst. But truly I don't know that. From what I've read it is unclear how many ARM/custom chips were actually tested and how exploitable they were compared to Intel.

I keep saying "impression" and "believe" because I'm not expert either, just trying to make sense of it.

Intel market share is around 80% for desktops and 90% for notebooks. They're the biggest player and most visible.

It's like saying there's a flaw with pens, if you cut one in half, ink can leak. Well, most ballpoint pen designs are based on the Bic design from the 1950s so most manufacturers are affected.

 

[Seret6]

I need the wallpapers shown on the picture of this story. Any help from our valuable contributors will be appreciated

 

[z970]

We are in a constant state of beta testing production "ready", publicly released hardware and software. Intel, AMD, Tesla, Samsung, Apple... it's all the same. Get it to retail as quickly as possible so we can make more money. Just part of the pillars of capitalism and our culture. Good times.

You think socialism would have prevented this?

 

[crazy dave]

Intel market share is around 80% for desktops and 90% for notebooks. They're the biggest player and most visible.

It's like saying there's a flaw with pens, if you cut one in half, ink can leak. Well, most ballpoint pen designs are based on the Bic design from the 1950s so most manufacturers are affected.

Yeah I get that. But unfortunately, because I don't think the researchers did a lot of non-Bic testing (or at least I haven't read about a lot of ARM testing), it means that how exploitable ARM/Apple is less clear, except that they were worried enough to issue patches for Meltdown for some of their chips (so probably fairly exploitable). The only thing we know is that AMD is not exploitable by Meltdown ... just Spectre.

EDIT: Okay my above statement is indeed wrong: the link I myself put in a previous post has a whitepaper where they describe researching ARM's susceptibility to Meltdown. So I guess all that's left is whether Apple's design had the same exact flaw(s) or different one(s) from their ARM counterparts (my money would be on the former).