Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 3, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    Intel this afternoon addressed reports of a serious design flaw and security vulnerability in its CPUs, shedding additional light on the issue that was uncovered yesterday and has since received extensive media coverage.

    In a statement on its website, Intel says that it planned to disclose the vulnerability next week when additional software patches were available, but was forced to make a statement today due to "inaccurate media reports."

    According to Intel, the issue is not limited to Intel chips and the exploits in question do not have the potential to corrupt, modify, or delete data. Despite Intel's statement, Intel chips are more heavily impacted, and it's worth noting that Intel makes no mention of reading kernel level data.
    Intel says it is working with several other technology companies including AMD, ARM, and operating system vendors to "develop an industry-wide approach" to resolve the problem "promptly and constructively."

    As outlined yesterday, the design flaw appears to allow normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more. Fixing the issue involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level.

    Despite reports suggesting software fixes for the vulnerability could cause slowdowns of 5 to 30 percent on some machines, Intel claims performance impacts are workload-dependent and will not be noticeable to the average computer user.
    Intel goes on to say that it believes its products are "the most secure in the world" and that the current fixes in the works provide the "best possible security" for its customers. Intel recommends that users install operating system updates as soon as they are available.

    For Mac users, Apple has already addressed the design flaw in macOS 10.13.2, which was released to the public on December 6.

    Update: Security researchers have now shared details about two separate critical vulnerabilities impacting most Intel processors and some ARM processors. Called Meltdown and Spectre, the vulnerabilities offer hackers access to data from the memory of running apps, providing passwords, emails, documents, photos, and more.

    "Almost every system" since 1995 is impacted according to ZDNet, including computers and smartphones. Meltdown can read the entire physical memory of the target machine, while Spectre is able to break the isolation between different apps. Meltdown, an easy-to-use exploit, affects only Intel chips and can be addressed by a security patch, which could result in some performance issues. Spectre impacts all processors, including those from ARM and AMD, and while it is harder to exploit, there is no known fix. Fully addressing Spectre will require a re-architecture of how processors are designed.

    It's not known if hackers have exploited Meltdown and Spectre as of yet, but there are proof-of-concept examples out in the wild. Google's Project Zero team had a hand in unearthing the vulnerabilities and Google has also shared details on the exploits. Full research papers on Meltdown and Spectre are available here.

    Update 2: ARM and AMD have both issued statements following Intel's press release. AMD says there is a "near zero risk" to AMD processors at this time, while ARM says its processors are vulnerable.

    From AMD:
    From ARM:
    Article Link: Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]
     
  2. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #2
    I wonder how long Intel has known about this flaw.
     
  3. justperry macrumors G3

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #3
    Not.
    There are far more secure systems out there, for instance intelligence or military.
     
  4. Non-Polar macrumors member

    Joined:
    Jun 8, 2017
    #4
    This stretches back all the way to the 2XXX series chips (maybe even before that), so I'm sure Intel has known for a very long time. It's funny how this came up all of a sudden and AMD's stocks skyrocketed (before coming back down).
     
  5. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #5
    No... after this, I doubt Intel on security, and from what I gather, this stretches all the way back to the Pentium Pro.

    Also, I don't care if it modifies, writes or deletes... the most important thing the bug allows reading.
     
  6. velocityg4 macrumors 601

    velocityg4

    Joined:
    Dec 19, 2004
    Location:
    Georgia
    #6
    At least those running DOS 6 and Windows 3.1 on a 486 are safe.
     
  7. timeconsumer macrumors 68000

    timeconsumer

    Joined:
    Aug 1, 2008
    Location:
    Portland
    #7
  8. avtella macrumors regular

    Joined:
    Nov 11, 2016
    #8
    To those of you saying you see no difference post patch, it seems this performance hit only applies under conditions where user mode instructions need to run as kernel mode from what I have read & heard.
     
  9. longofest Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #9
    I actually kind of doubt they knew about it. While AMD is not affected, it does look like ARM chips are affected. This flaw has potentially been around since Pentium Pro. If Intel knew about it, they'd have quietly fixed it rather than letting it go. I think this is just a really, really good find by the researchers.
     
  10. Wags macrumors 6502a

    Joined:
    Mar 5, 2006
    Location:
    Nebraska, USA
    #10
    Wanted to quietly release software patch and not really disclose contents. Now trying to pull in other companies to fend off blame.
     
  11. spyguy10709 macrumors 6502a

    spyguy10709

    Joined:
    Apr 5, 2010
    Location:
    One Infinite Loop, Cupertino CA
    #11
    It stretched back to Pentium II.
     
  12. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #12
    In all seriousness, AMD processors are safe. If you are building your next PC, take a long and very thorough look at Ryzen.
     
  13. blackberrycubed macrumors 6502a

    Joined:
    Feb 26, 2013
    #13
    Or .... NSA paid them to keep their mouth shut and look the other way until it comes out on its own and then just claim "oops, sorry"
     
  14. Val-kyrie macrumors 68000

    Joined:
    Feb 13, 2005
    #14
    So what was Apple's solution and what kind of performance hit do Macs experience? Under what kind of conditions?

    Interestingly, it appears ARM may be affected but not AMD. Is a processor change upcoming in Macs?
     
  15. vmistery macrumors 6502a

    Joined:
    Apr 6, 2010
    Location:
    UK
    #15
    And intelligence agencies.

    Intel's response so far is very defensive and not hugely convincing. Interesting to see how it plays out.
     
  16. theheadguy macrumors 65816

    Joined:
    Apr 26, 2005
    Location:
    california
    #16
    Been watching the news, haven’t seen ‘extensive’ coverage on this at all. News to me.
     
  17. ActionableMango macrumors G3

    ActionableMango

    Joined:
    Sep 21, 2010
    #17
    The fix requires changes at the OS level. How could Intel quietly patch everyone's operating system?
     
  18. velocityg4 macrumors 601

    velocityg4

    Joined:
    Dec 19, 2004
    Location:
    Georgia
    #18
    Sounds like this may lead to an SEC investigation for insider trading. Given that Apple's 10.13.2 update reportedly patches many of these flaws, it is reasonable to conclude Intel has had some knowledge of this issue for a while.

    Edit: The timing of the sale is bad. It doesn't necessarily mean intent was involved.
     
  19. BornAgainMac macrumors 603

    BornAgainMac

    Joined:
    Feb 4, 2004
    Location:
    Florida Resident
    #19
    I doubt SPARC, Snapdragon, A[x] chips are affected. Sounds like AMD is affected since they just copy Intel.
     
  20. soupcan macrumors 6502a

    soupcan

    Joined:
    Nov 21, 2014
    Location:
    Netherlands
    #20
    It's funny they mention AMD as another partner in this whole ordeal as AMD publicly stated that due to their architecture they're not affected by this bug in any way at all.
     
  21. kevinthebright macrumors newbie

    Joined:
    Dec 4, 2013
    #21
    Shading AMD is just another Intel cheap shot. That company has problems.
     
  22. longofest Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #22
    There are ongoing efforts to port this solution to ARM. I'm not a kernel dev, so I don't know for sure if that's because ARM is affected, but don't rule it out.

    AMD has publicly stated they are not affected.
     
  23. Will Lambert macrumors newbie

    Joined:
    Mar 7, 2014
    #23
    Looks like that "robust SW and HW ecosystem" for their Xeons has a flaw, and no, AMD disagrees, this does not affect them.
    "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault." (https://wccftech.com/intel-kernel-memory-leak-bug-speculative-execution-performance-hit/)
     
  24. Hodar1 macrumors member

    Hodar1

    Joined:
    Nov 30, 2011
    Location:
    In the middle of the Rocky Mountains, for now.
    #24
    That statement WAS true back in the 32 bit days. AMD/Intel could share the same socket on motherboards, and often did. Then the 486DX fiasco came out, where Intel copyrighted the socket footprint, and the AMD/Intel "partnership" effectively shut things down. They still continued to use the same chipset for years afterwards, just different pin-out on the CPU.
    Fast forward to 64 bit days, and the bus architecture Intel uses is in stark difference to the HyperTransport system that AMD, NVidia, Apple, Broadcom, SGI, Sun and others all belong to (www.hypertransport.com). Today, AMD's design efforts seek to "mimic" Intel in operations, but seek to utilize alternative design approaches internally. Therefore, having worked there years ago in an engineering role, I disagree with the AMD "just copy Intel" statement. They seek to be compatible with Intel operations, but with Ryzen the internals are functionally different. If this exploit still exists, for me, is still an unsettled case.
     
  25. Rob_2811 macrumors 68000

    Joined:
    Mar 18, 2016
    Location:
    United Kingdom
    #25
    Not if it's true.
     
