Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.



intel.jpg
Intel this afternoon addressed reports of a serious design flaw and security vulnerability in its CPUs, shedding additional light on the issue that was uncovered yesterday and has since received extensive media coverage.

In a statement on its website, Intel says that it planned to disclose the vulnerability next week when additional software patches were available, but was forced to make a statement today due to "inaccurate media reports."

According to Intel, the issue is not limited to Intel chips and the exploits in question do not have the potential to corrupt, modify, or delete data. Despite Intel's statement, Intel chips are more heavily impacted, and it's worth noting that Intel makes no mention of reading kernel level data.Intel says it is working with several other technology companies including AMD, ARM, and operating system vendors to "develop an industry-wide approach" to resolve the problem "promptly and constructively."

As outlined yesterday, the design flaw appears to allow normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more. Fixing the issue involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level.

Despite reports suggesting software fixes for the vulnerability could cause slowdowns of 5 to 30 percent on some machines, Intel claims performance impacts are workload-dependent and will not be noticeable to the average computer user.Intel goes on to say that it believes its products are "the most secure in the world" and that the current fixes in the works provide the "best possible security" for its customers. Intel recommends that users install operating system updates as soon as they are available.

For Mac users, Apple has already addressed the design flaw in macOS 10.13.2, which was released to the public on December 6.

Update: Security researchers have now shared details about the two critical vulnerabilities impacting most Intel processors and some ARM processors. Called Meltdown and Spectre, the vulnerabilities offer hackers access to data from the memory of running apps, providing passwords, emails, documents, photos, and more.

"Almost every system" since 1995 is impacted according to ZDNet, including computers and smartphones. Meltdown can read the entire physical memory of the target machine, while Spectre is able to break the isolation between different apps. It's knot known if hackers have exploited Meltdown and Spectre as of yet. Google's Project Zero team was had a hand in unearthing the vulnerabilities and Google has also shared details on the exploits. Full research papers are available here.

Update 2: ARM and AMD have both issued statements following Intel's press release. AMD says there is a "near zero risk" to AMD processors at this time, while ARM says its processors are vulnerable.

From AMD:From ARM:

Article Link: Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]
Quick...lets move all Macs to ARM as ARM chips aren't vulner....

Oh. S***.

"mobile chip designer ARM Holdings said its chips were also affected and that it was working with Intel and AMD (AMD, +6.19%) on a fix. That helped Intel shares claw back some of the drop and the stock closed down only 3%, while AMD ended with a 5% gain."

http://fortune.com/2018/01/03/intel-kernel-security-flaw-amd/
 
Last edited:
If the Intel problem could be fixed by a software updated with no impact "damage" to the end user (i.e., no speed penalty) then it's one of those no harm no foul issues and most everyone will move on.

But if the software fix results in a speed reduction (a form a damage to the end user), get ready for a class action lawsuit against Intel. Look at how fast the lawsuit was filed against Apple for their IOS speed throttling to deal with older batteries.
 
  • Like
Reactions: shplock
Ok, first of all, you don't use the press release about how every processor you've made for over a decade gives unauthorized access to privileged data to assert that you're "the most secure in the world".

Second, AMD could have used language that was more clear than "we aren't affected by all three". All I know from that statement is that you're affected by between 0 and 2 of the known exploits.

------

I asked this in an earlier thread, but I'll ask here too. Anyone familiar enough with how XNU works to know if the hybrid design works to Apple's advantage or disadvantage in this case?
 
  • Like
Reactions: MrAverigeUser
Quick...lets move all Macs to ARM as ARM chips aren't vulner....

Oh. S***.

"mobile chip designer ARM Holdings said its chips were also affected and that it was working with Intel and AMD (AMD, +6.19%) on a fix. That helped Intel shares claw back some of the drop and the stock closed down only 3%, while AMD ended with a 5% gain."

http://fortune.com/2018/01/03/intel-kernel-security-flaw-amd/

So we have the same “flaw” in two different chip architectures. ..... I stand firm that this was a three letter agency backdoor.
 
The fix requires changes at the OS level. How could Intel quietly patch everyone's operating system?
It's an OS patch to a hardware SNAFU. AMD is suggesting they aren't susceptible to it, so there is a possible hardware fix they could have implemented had they known.
 
There is a flaw, but I don't hear anyone explain how hard it is to actually get hold of meaningful sensitive data.
 
I asked this in an earlier thread, but I'll ask here too. Anyone familiar enough with how XNU works to know if the hybrid design works to Apple's advantage or disadvantage in this case?

The hybrid design makes no difference.
[doublepost=1515024679][/doublepost]
Where this will hurt is in the cloud. It's common these days for applications to talk to each other via queues. programs that write enormous amounts of small bits of data to SSD very rapidly. There, you might see a 30% to as high as 50% increase - which means an 30-50% increase in usage, which means you owe your cloud provider 30-50% more money. Postgres, the database my company uses, takes a 10% hit. That means our specs, and ergo our operating costs, just rose 10% for the database alone. This... is going to hurt a lot.

The real world hit won't be anywhere near 50%.

AFAIK, 30% was the worst that anyone found, and that was worst case scenario with essentially a feedback loop on the loopback interface while writing to disk (metric crap ton of syscalls). A 10-17% hit seems more realistic. Postgres for instance was benched 10-15% slower as you said.

Still sucks though. Undoubtedly this will hurt everyone, especially Intel.
 
Last edited:
  • Like
Reactions: pianophile
I doubt SPARC, Snapdragon, A[x] chips are affected. Sounds like AMD is affected since they just copy Intel.
I worked on the reservation stations for ultrasparc v. Doubt it would be particularly vulnerable.
[doublepost=1515024991][/doublepost]
AMD created x86-64, intel “copied” it. ARM says some cortex-A CPUs are affected, which Apples CPUs are based on, they may have problems.
It’s also a micro architectural issue, not an architectural issue. And micro architecture varies from company to company and often chip to chip.
 
If you want security nowadays you have to go back to pen and paper.

I have to agree to this. LOL

But in serious note,

No software or hardware is 100% Perfect. There will always be bugs. Nothing is also secure.

There are always vulnerabilities. People just need to find and catch those then fix it. (like a Legendary Pokemon that is hard to catch)
 
One of the vulnerabilities is hard to fix, so who knows how high the performance impact will be.
 
  • Like
Reactions: nt5672
It was a rule 10b5-1 sale which means it had been planned well in advance and the rule is there to prevent inside trading.

The timing is just very unfortunate.
Strange how many of these CEOs manage to "unfortunately" sell their stock right before some bad news comes out

Who else remembers the Equifax CTO and CEO selling millions of dollars worth of stock just before the news of the massive data breach came out at the end of last year?

These guys have access to inside information months before it becomes public. Easy to say it was a long-planned sale and nothing to do with the bad news
 
I wonder how long Intel has known about this flaw.

This really doesn't sound like a design flaw, this sounds like it's working as designed. Putting speculative execution under access control means a slowdown, which most likely mitigates any benefit of speculative execution. This has been in their chips for so long that it has to have been an explicit speed vs security tradeoff.

When the "fix" comes, I hope I can turn it off. I generally don't run shared workloads, but I'd have to evaluate it on all my machines here.
 
Strange how many of these CEOs manage to "unfortunately" sell their stock right before some bad news comes out

Who else remembers the Equifax CTO and CEO selling millions of dollars worth of stock just before the news of the massive data breach came out at the end of last year?

These guys have access to inside information months before it becomes public. Easy to say it was a long-planned sale and nothing to do with the bad news
That's what I was trying to point out, that it seems convenient that the CEO sold this before this news. But it was pointed out by others on here that it's just bad timing. I think there's no way to prove otherwise. It's just extremely convenient it seems.
 
From AMD's statement:
"AMD is not susceptible to all three variants."
If written by a native English speaker, this is a VERY curious wording. Does this really mean that AMD is not susceptible to ANY of the three variants, or does it mean that AMD might be susceptible to one or two of the variants?
 
  • Like
Reactions: fairuz
Not.
There are far more secure systems out there, for instance intelligence or military.

... Who use Intel, AMD and ARM powered computers/devices.
[doublepost=1515030285][/doublepost]
If you want security nowadays you have to go back to pen and paper.

Or use stand alone domains/workgroups/networks that have no access to the outside world. This is common practice in a lot of government based facilities/contractors.
 
Last edited:
They could always let AMD and ARM speak for themselves. Instead they throw them into the mix to deflect blame. Classy.

That's actually not how it should work. Someone made the same complaint about Intel's submission for a patch for Linux.

In the patch, Intel applied it to all X86 processors. With would have slowed all processors. AMD responded saying they aren't impacted and whitelisted their processors.

That's exactly how it should work. Don't assume others aren't vulnerable. If the issue might impact more than just Intel processors, apply it to all and let others whitelist themselves as they determine they aren't impacted.

It's much safer to assume everyone is vulnerable until proven otherwise rather than assume only a single group is vulnerable and hope the rest test.
[doublepost=1515030414][/doublepost]
Or use stand alone domains/workgroups/networks that have no access to the outside world. This is common practice in a lot of government based facilities/contractors.

No it's not. It's incredibly uncommon actually.

Source: Work in forensics and work with government agencies around the world.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.