Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I'm surprised nobody thought of these speculative attacks before. I read the paper, and it's incredibly simple.
[doublepost=1526955650][/doublepost]
It's about security, not privacy.

The first known papers on the potential of these side channel attacks first popped up over 10 years ago. Nobody seriously thought they could really work until last year
 
  • Like
Reactions: bmot and fairuz
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates

You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.


To this date there has been 4 types of exploits discovered. Spectre V1, Spectre V2, Spectre NG(Which includes rogue system register read, Spectre-V3a, and speculative store bypass, Spectre-V4) & Meltdown. Apart from Spectre V1 none of the AMD CPUs are affected by these exploits, and that's also has been mitigated by the browser's side channel patch.

P.S: Retracting from my original comment. It seems AMD has been affected by V4 and it appears that the mitigations will be available through OS patch. There is no need for a microcode or BIOS update.

AMD has released a whitepaper on the V4 mitigation. If anyone interested to read them then please proceed.
https://developer.amd.com/wp-conten...lativeStoreBypassDisable_Whitepaper_final.pdf
 
Last edited:
Just for the sake of discussion-

We know apple wants to make their own chips. But can they build chips that can handle Pro level loads?
 
https://www.amd.com/en/corporate/security-updates
Microsoft is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Similarly, Linux distributors are developing operating system updates for SSB. AMD recommends checking with your OS provider for specific guidance on schedules.

We have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in our analysis to-date.
 
I really wish Intel and 3rd party board manufactures would release the microcode for BIOS updates for older boards. My 4960X, which is a 4.5 year old $1,000 CPU is unprotected from these security threats because ASUS refuses to release a BIOS update.

I shouldn't have to buy a new motherboard every 2 years just to continue receiving BIOS updates.

You usually dont actually need motherboard BIOS updates to get the latest microcode.

If you use linux, you can download the latest microcode bundles from intel's downloadcentre ( https://downloadcenter.intel.com/download/27776/Linux-Processor-Microcode-Data-File?v=t ) and reload the microcode on the fly (not recommended), or preferrably get it loaded extremely early in the boot process. The intel-ucode tools can automate most of it. But more often than not the linux distribution will just push out these updates seamlessly and keep everything updated for you. A quick "dmesg | grep -i microcode" command will let you know what revision is loaded.

Microsoft Windows keeps intel microcode updated via normal software updates also ( eg: https://support.microsoft.com/en-gb/help/4091664/kb4091664-intel-microcode-updates ).

There are some microcode variants that apparently do need to be loaded pre-OS, my 4970K and 4360T dont, not sure about your 4960X but might be worth checking.

In saying that, shame that ASUS has taken such a poor support route. I have a Gigabte and Asrock here with 9 series chipsets (used on 4th gen CPUs like yours) that didnt have their BIOS's updated in ages until the meltdown/specter debacle, and have received at least two BIOS updates recently to coincide with intel microcode updates.

Of course you always have the more extreme option of using tools to deconstruct your BIOS and update individual modules and reflash it yourself. You could update the Intel ME engine and other stuff while you are at it. Not sure if the risk reward ratio is worth it.
 
Last edited:
Always amusing how nerds make such a huge attention play with their naming of bugs, flaws, exploits etc and graphics that go along with them. DRAMA! DRAMA! Couldn't they just be grown ups? Don't talk down to people as if they're in kindergarten, along with your cutesey, overly-rounded, totally redundant logos of ghosts etc; people aren't (all) morons.

Pure irony. You want people to grow up yet you reduce yourself to a middle schooler by calling them nerds.
 
Always amusing how nerds make such a huge attention play with their naming of bugs, flaws, exploits etc and graphics that go along with them. DRAMA! DRAMA! Couldn't they just be grown ups? Don't talk down to people as if they're in kindergarten, along with your cutesey, overly-rounded, totally redundant logos of ghosts etc; people aren't (all) morons.

I like the icons. Guess I’m a moron.
 
  • Like
Reactions: Toutou
I'm surprised some headstrong lawyer hasn't started another "Class action lawsuit" against INTEL and the others

in the name of fairness of course :eek:
 
  • Like
Reactions: simonmet
It’s really time for Apple to switch to AMD. It’s not like anyone buys a Mac to play AAA games at max settings anyway, which is about the only place left where Intel still has a slim advantage. Not to mention, the MacBooks might get a decent integrated GPU.

Does anyone know how AMD compare to Intel on power usage? that could be one area Intel still have and advantage and that would be a big deal on mobile devices.
 
Hardware seems like the 'new thing' for attack surfaces.

Hey, don’t sweat this new security flaw. Do what I’ve done and use a secure, hack proof, reliable and energy efficient “processor”.....
Abacus_2.jpg


That's awfully close to an "Abacus"
 
It’s really time for Apple to switch to AMD. It’s not like anyone buys a Mac to play AAA games at max settings anyway, which is about the only place left where Intel still has a slim advantage. Not to mention, the MacBooks might get a decent integrated GPU.

Considering Apple is planning to use their own ARM chips in all Macbooks in the long run, i doubt they will temporally switch to AMD. Too much hassle.
 
I'm surprised nobody thought of these speculative attacks before. I read the paper, and it's incredibly simple.
[doublepost=1526955650][/doublepost]
It's about security, not privacy.

Privacy depends on the security.
 
  • Like
Reactions: Sean4000
Intel says implementing the fix on the fixed CPU's will cause performance issues. They just caused headaches for marketing.
 
  • Like
Reactions: Val-kyrie
So the fix is optional, and OEMs are recommended to switch it off by default. So Intel sacrifices security so their processors can be advertised to perform better?
WTF? Is intel even serious then? They’re willing to risk a boatload of devices around the world just so people won’t complain to them about performance.

And people gave Apple a hard time about battery-gate. :shrug:
 
To this date there has been 4 types of exploits discovered. Spectre V1, Spectre V2, Spectre NG(Which includes rogue system register read, Spectre-V3a, and speculative store bypass, Spectre-V4) & Meltdown. Apart from Spectre V1 none of the AMD CPUs are affected by these exploits, and that's also has been mitigated by the browser's side channel patch.

P.S: Retracting from my original comment. It seems AMD has been affected by V4 and it appears that the mitigations will be available through OS patch. There is no need for a microcode or BIOS update.
AMD is also definitely affected by Spectre Variant 2. A "Spectre Variant 3a" doesn't really exist, as "Google Project Zero Variant 3" (as these security vulnerabilities are formally called) is in fact "Meltdown".
 
Last edited:
  • Like
Reactions: Val-kyrie
According to Intel, the new vulnerability has a "moderate" severity rating because many of the exploits that it uses have already been addressed through mitigations that were first introduced by software makers and OEMs in January for Meltdown and Spectre. Intel is, however, releasing a full mitigation option that will "prevent this method from being used in other ways."

This just reminds me of this.

 
  • Like
Reactions: DBDukes
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.