Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 3, 2018.

  1. Delgibbons, Jan 3, 2018
    Last edited: Jan 3, 2018

    Delgibbons macrumors 6502

    Delgibbons

    Joined:
    Dec 14, 2016
    Location:
    London
    #51
    Quick...lets move all Macs to ARM as ARM chips aren't vulner....

    Oh. S***.

    "mobile chip designer ARM Holdings said its chips were also affected and that it was working with Intel and AMD (AMD, +6.19%) on a fix. That helped Intel shares claw back some of the drop and the stock closed down only 3%, while AMD ended with a 5% gain."

    http://fortune.com/2018/01/03/intel-kernel-security-flaw-amd/
     
  2. thadoggfather macrumors G3

    thadoggfather

    Joined:
    Oct 1, 2007
    #52
    Steve Jobs iphone 4 antennagate approach FAIL!!

    Nice try intel
     
  3. calzon65 macrumors 6502a

    calzon65

    Joined:
    Jul 16, 2008
    #53
    If the Intel problem could be fixed by a software updated with no impact "damage" to the end user (i.e., no speed penalty) then it's one of those no harm no foul issues and most everyone will move on.

    But if the software fix results in a speed reduction (a form a damage to the end user), get ready for a class action lawsuit against Intel. Look at how fast the lawsuit was filed against Apple for their IOS speed throttling to deal with older batteries.
     
  4. LV426 macrumors 6502a

    Joined:
    Jan 22, 2013
  5. VictorTango777 macrumors regular

    Joined:
    Oct 28, 2017
    #55
    Now Apple knows how it feels when developers have to work around manufacturer defects. But at least Intel is admitting it's their bug instead of pointing fingers at outside developers.
     
  6. Analog Kid macrumors 601

    Analog Kid

    Joined:
    Mar 4, 2003
    #56
    Ok, first of all, you don't use the press release about how every processor you've made for over a decade gives unauthorized access to privileged data to assert that you're "the most secure in the world".

    Second, AMD could have used language that was more clear than "we aren't affected by all three". All I know from that statement is that you're affected by between 0 and 2 of the known exploits.

    ------

    I asked this in an earlier thread, but I'll ask here too. Anyone familiar enough with how XNU works to know if the hybrid design works to Apple's advantage or disadvantage in this case?
     
  7. sevvere Suspended

    sevvere

    Joined:
    Oct 20, 2017
    #57
    So we have the same “flaw” in two different chip architectures. ..... I stand firm that this was a three letter agency backdoor.
     
  8. Analog Kid macrumors 601

    Analog Kid

    Joined:
    Mar 4, 2003
    #58
    It's an OS patch to a hardware SNAFU. AMD is suggesting they aren't susceptible to it, so there is a possible hardware fix they could have implemented had they known.
     
  9. meaning-matters macrumors 6502

    meaning-matters

    Joined:
    Dec 13, 2013
    #59
    There is a flaw, but I don't hear anyone explain how hard it is to actually get hold of meaningful sensitive data.
     
  10. jeremysteele, Jan 3, 2018
    Last edited: Jan 3, 2018

    jeremysteele macrumors 6502

    Joined:
    Jul 13, 2011
    #60
    The hybrid design makes no difference.
    --- Post Merged, Jan 3, 2018 ---
    The real world hit won't be anywhere near 50%.

    AFAIK, 30% was the worst that anyone found, and that was worst case scenario with essentially a feedback loop on the loopback interface while writing to disk (metric crap ton of syscalls). A 10-17% hit seems more realistic. Postgres for instance was benched 10-15% slower as you said.

    Still sucks though. Undoubtedly this will hurt everyone, especially Intel.
     
  11. cmaier macrumors G4

    Joined:
    Jul 25, 2007
    Location:
    California
    #61
    I worked on the reservation stations for ultrasparc v. Doubt it would be particularly vulnerable.
    --- Post Merged, Jan 3, 2018 ---
    It’s also a micro architectural issue, not an architectural issue. And micro architecture varies from company to company and often chip to chip.
     
  12. boccabella macrumors member

    boccabella

    Joined:
    Oct 26, 2010
    #62
    So it only affects every computer manufactured in the Internet era, apparently.
     
  13. zz_nosa_r macrumors regular

    zz_nosa_r

    Joined:
    Oct 21, 2015
    #63
    I have to agree to this. LOL

    But in serious note,

    No software or hardware is 100% Perfect. There will always be bugs. Nothing is also secure.

    There are always vulnerabilities. People just need to find and catch those then fix it. (like a Legendary Pokemon that is hard to catch)
     
  14. jeremiah256 macrumors 6502a

    jeremiah256

    Joined:
    Aug 2, 2008
    Location:
    Southern California
    #64
    Now there's a name I've not heard in a long, long time.
     
  15. cube macrumors G5

    Joined:
    May 10, 2004
    #65
    One of the vulnerabilities is hard to fix, so who knows how high the performance impact will be.
     
  16. poppy10 macrumors regular

    Joined:
    Sep 25, 2012
    Location:
    UK
    #66
    Strange how many of these CEOs manage to "unfortunately" sell their stock right before some bad news comes out

    Who else remembers the Equifax CTO and CEO selling millions of dollars worth of stock just before the news of the massive data breach came out at the end of last year?

    These guys have access to inside information months before it becomes public. Easy to say it was a long-planned sale and nothing to do with the bad news
     
  17. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    #67
  18. haruhiko macrumors 601

    haruhiko

    Joined:
    Sep 29, 2009
  19. usarioclave macrumors 65816

    Joined:
    Sep 26, 2003
    #69
    This really doesn't sound like a design flaw, this sounds like it's working as designed. Putting speculative execution under access control means a slowdown, which most likely mitigates any benefit of speculative execution. This has been in their chips for so long that it has to have been an explicit speed vs security tradeoff.

    When the "fix" comes, I hope I can turn it off. I generally don't run shared workloads, but I'd have to evaluate it on all my machines here.
     
  20. timeconsumer macrumors 65816

    timeconsumer

    Joined:
    Aug 1, 2008
    Location:
    Portland
    #70
    That's what I was trying to point out, that it seems convenient that the CEO sold this before this news. But it was pointed out by others on here that it's just bad timing. I think there's no way to prove otherwise. It's just extremely convenient it seems.
     
  21. Darmok N Jalad macrumors 6502a

    Darmok N Jalad

    Joined:
    Sep 26, 2017
    Location:
    Tanagra
    #71
    They could always let AMD and ARM speak for themselves. Instead they throw them into the mix to deflect blame. Classy.
     
  22. GeminiCricket macrumors newbie

    GeminiCricket

    Joined:
    Jan 3, 2018
    #72
    From AMD's statement:
    "AMD is not susceptible to all three variants."
    If written by a native English speaker, this is a VERY curious wording. Does this really mean that AMD is not susceptible to ANY of the three variants, or does it mean that AMD might be susceptible to one or two of the variants?
     
  23. ActionableMango macrumors G3

    ActionableMango

    Joined:
    Sep 21, 2010
    #73
    I bet the folk in the PowerPC-based Mac forums are quite happy with themselves right now.
     
  24. lpolarityl, Jan 3, 2018
    Last edited: Jan 3, 2018

    lpolarityl macrumors 6502

    lpolarityl

    Joined:
    Dec 1, 2009
    #74
    ... Who use Intel, AMD and ARM powered computers/devices.
    --- Post Merged, Jan 3, 2018 ---
    Or use stand alone domains/workgroups/networks that have no access to the outside world. This is common practice in a lot of government based facilities/contractors.
     
  25. OldSchoolMacGuy macrumors 68040

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #75
    That's actually not how it should work. Someone made the same complaint about Intel's submission for a patch for Linux.

    In the patch, Intel applied it to all X86 processors. With would have slowed all processors. AMD responded saying they aren't impacted and whitelisted their processors.

    That's exactly how it should work. Don't assume others aren't vulnerable. If the issue might impact more than just Intel processors, apply it to all and let others whitelist themselves as they determine they aren't impacted.

    It's much safer to assume everyone is vulnerable until proven otherwise rather than assume only a single group is vulnerable and hope the rest test.
    --- Post Merged, Jan 3, 2018 ---
    No it's not. It's incredibly uncommon actually.

    Source: Work in forensics and work with government agencies around the world.
     

Share This Page