Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

Discussion in ' News Discussion' started by MacRumors, Jan 3, 2018.

  1. Delgibbons, Jan 3, 2018
    Last edited: Jan 3, 2018

    Delgibbons macrumors 6502a


    Dec 14, 2016
    Quick...lets move all Macs to ARM as ARM chips aren't vulner....

    Oh. S***.

    "mobile chip designer ARM Holdings said its chips were also affected and that it was working with Intel and AMD (AMD, +6.19%) on a fix. That helped Intel shares claw back some of the drop and the stock closed down only 3%, while AMD ended with a 5% gain."
  2. thadoggfather macrumors G3


    Oct 1, 2007
    Steve Jobs iphone 4 antennagate approach FAIL!!

    Nice try intel
  3. calzon65 macrumors 6502a


    Jul 16, 2008
    If the Intel problem could be fixed by a software updated with no impact "damage" to the end user (i.e., no speed penalty) then it's one of those no harm no foul issues and most everyone will move on.

    But if the software fix results in a speed reduction (a form a damage to the end user), get ready for a class action lawsuit against Intel. Look at how fast the lawsuit was filed against Apple for their IOS speed throttling to deal with older batteries.
  4. LV426 macrumors 6502a

    Jan 22, 2013
  5. VictorTango777 macrumors 6502

    Oct 28, 2017
    Now Apple knows how it feels when developers have to work around manufacturer defects. But at least Intel is admitting it's their bug instead of pointing fingers at outside developers.
  6. Analog Kid macrumors 601

    Analog Kid

    Mar 4, 2003
    Ok, first of all, you don't use the press release about how every processor you've made for over a decade gives unauthorized access to privileged data to assert that you're "the most secure in the world".

    Second, AMD could have used language that was more clear than "we aren't affected by all three". All I know from that statement is that you're affected by between 0 and 2 of the known exploits.


    I asked this in an earlier thread, but I'll ask here too. Anyone familiar enough with how XNU works to know if the hybrid design works to Apple's advantage or disadvantage in this case?
  7. sevvere Suspended


    Oct 20, 2017
    So we have the same “flaw” in two different chip architectures. ..... I stand firm that this was a three letter agency backdoor.
  8. Analog Kid macrumors 601

    Analog Kid

    Mar 4, 2003
    It's an OS patch to a hardware SNAFU. AMD is suggesting they aren't susceptible to it, so there is a possible hardware fix they could have implemented had they known.
  9. meaning-matters macrumors 6502


    Dec 13, 2013
    There is a flaw, but I don't hear anyone explain how hard it is to actually get hold of meaningful sensitive data.
  10. jeremysteele, Jan 3, 2018
    Last edited: Jan 3, 2018

    jeremysteele macrumors 6502

    Jul 13, 2011
    The hybrid design makes no difference.
    --- Post Merged, Jan 3, 2018 ---
    The real world hit won't be anywhere near 50%.

    AFAIK, 30% was the worst that anyone found, and that was worst case scenario with essentially a feedback loop on the loopback interface while writing to disk (metric crap ton of syscalls). A 10-17% hit seems more realistic. Postgres for instance was benched 10-15% slower as you said.

    Still sucks though. Undoubtedly this will hurt everyone, especially Intel.
  11. cmaier macrumors G4

    Jul 25, 2007
    I worked on the reservation stations for ultrasparc v. Doubt it would be particularly vulnerable.
    --- Post Merged, Jan 3, 2018 ---
    It’s also a micro architectural issue, not an architectural issue. And micro architecture varies from company to company and often chip to chip.
  12. boccabella macrumors regular

    Oct 26, 2010
    So it only affects every computer manufactured in the Internet era, apparently.
  13. zz_nosa_r macrumors regular


    Oct 21, 2015
    I have to agree to this. LOL

    But in serious note,

    No software or hardware is 100% Perfect. There will always be bugs. Nothing is also secure.

    There are always vulnerabilities. People just need to find and catch those then fix it. (like a Legendary Pokemon that is hard to catch)
  14. jeremiah256 macrumors 6502a


    Aug 2, 2008
    Southern California
    Now there's a name I've not heard in a long, long time.
  15. cube macrumors G5

    May 10, 2004
    One of the vulnerabilities is hard to fix, so who knows how high the performance impact will be.
  16. poppy10 macrumors regular

    Sep 25, 2012
    Strange how many of these CEOs manage to "unfortunately" sell their stock right before some bad news comes out

    Who else remembers the Equifax CTO and CEO selling millions of dollars worth of stock just before the news of the massive data breach came out at the end of last year?

    These guys have access to inside information months before it becomes public. Easy to say it was a long-planned sale and nothing to do with the bad news
  17. NT1440 macrumors G4


    May 18, 2008
  18. haruhiko macrumors 601


    Sep 29, 2009
  19. usarioclave macrumors 65816

    Sep 26, 2003
    This really doesn't sound like a design flaw, this sounds like it's working as designed. Putting speculative execution under access control means a slowdown, which most likely mitigates any benefit of speculative execution. This has been in their chips for so long that it has to have been an explicit speed vs security tradeoff.

    When the "fix" comes, I hope I can turn it off. I generally don't run shared workloads, but I'd have to evaluate it on all my machines here.
  20. timeconsumer macrumors 68000


    Aug 1, 2008
    That's what I was trying to point out, that it seems convenient that the CEO sold this before this news. But it was pointed out by others on here that it's just bad timing. I think there's no way to prove otherwise. It's just extremely convenient it seems.
  21. Darmok N Jalad macrumors 65816

    Darmok N Jalad

    Sep 26, 2017
    They could always let AMD and ARM speak for themselves. Instead they throw them into the mix to deflect blame. Classy.
  22. GeminiCricket macrumors newbie


    Jan 3, 2018
    From AMD's statement:
    "AMD is not susceptible to all three variants."
    If written by a native English speaker, this is a VERY curious wording. Does this really mean that AMD is not susceptible to ANY of the three variants, or does it mean that AMD might be susceptible to one or two of the variants?
  23. ActionableMango macrumors G3


    Sep 21, 2010
    I bet the folk in the PowerPC-based Mac forums are quite happy with themselves right now.
  24. lpolarityl, Jan 3, 2018
    Last edited: Jan 3, 2018

    lpolarityl macrumors 6502


    Dec 1, 2009
    ... Who use Intel, AMD and ARM powered computers/devices.
    --- Post Merged, Jan 3, 2018 ---
    Or use stand alone domains/workgroups/networks that have no access to the outside world. This is common practice in a lot of government based facilities/contractors.
  25. OldSchoolMacGuy macrumors 601


    Jul 10, 2008
    That's actually not how it should work. Someone made the same complaint about Intel's submission for a patch for Linux.

    In the patch, Intel applied it to all X86 processors. With would have slowed all processors. AMD responded saying they aren't impacted and whitelisted their processors.

    That's exactly how it should work. Don't assume others aren't vulnerable. If the issue might impact more than just Intel processors, apply it to all and let others whitelist themselves as they determine they aren't impacted.

    It's much safer to assume everyone is vulnerable until proven otherwise rather than assume only a single group is vulnerable and hope the rest test.
    --- Post Merged, Jan 3, 2018 ---
    No it's not. It's incredibly uncommon actually.

    Source: Work in forensics and work with government agencies around the world.

Share This Page