Intel Memory Access Design Flaw Already Addressed by Apple in macOS 10.13.2

MacRumors

macrumors bot
Original poster
Apr 12, 2001
50,031
11,308



A serious design flaw and security vulnerability discovered in Intel CPUs has reportedly already been partially addressed by Apple in the recent macOS 10.13.2 update, which was released to the public on December 6.


According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability.

The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 -- and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you). cc @i0n1c @s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63 - Alex Ionescu (@aionescu) January 3, 2018
Publicized yesterday, the design flaw in Intel chips allows normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more.

Full details on the vulnerability continue to be unavailable and under embargo, so it's not yet clear just how serious it is, but fixing it involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level. Implementing Kernel Page Table Isolation could cause a performance hit on some machines.

According to The Register, which first shared details on the vulnerability, Windows and Linux machines will see a 5 to 30 percent slowdown once a fix is in place. It appears Macs may not be hit as heavily, as no noticeable performance slowdowns have been reported since the launch of macOS 10.13.2.

Ionescu also says that performance drop on a system with PCID (Process-Context Identifiers), available on most modern Macs, is "minimal," so most users may not see an impact on day-to-day Mac usage.

Article Link: Intel Memory Access Design Flaw Already Addressed by Apple in macOS 10.13.2
 

radiology

Suspended
Feb 11, 2014
377
1,389
Westlake, OH
I wonder what will be the downstream effect in the release of new chips and new Apple laptops and desktops. When should we expect to see a new MacBook Pro? is this the excuse Apple wanted to delay the release of Macs?
 
  • Like
Reactions: DeepIn2U

sublunar

macrumors 65816
Jun 23, 2007
1,374
813
Pre-Haswell CPUs will be hit worse apparently - that appears to include Ivy Bridge as used in 2012 Retina MacBook Pros, 2012 Mac Minis, and even - I think - the 2013 nMP.

Another reason for Apple to quietly retire the nMP as soon as possible because future benchmarks could potentially not look good for it. Good thing they already released something in 10.13.2 and have more fixes coming in 10.13.3.
 

noxivs

macrumors newbie
Sep 16, 2015
29
78
ist
What do we make of this really? I think someone should do a comparative test on handbrake or anything that solely uses CPU and only then we can tell the difference between 10.13.2 and any previous versions of macOS
 

Mike MA

macrumors 68020
Sep 21, 2012
2,046
1,679
In my opinion Apple is having some issue with transparency. Why not addressing fixes like this or actions like the battery management more openly? Many things might be good decisions or actions from a content perspective, but not well explained in the first place.
 

justperry

macrumors G4
Aug 10, 2007
11,034
6,907
I'm a rolling stone.
Pre-Haswell CPUs will be hit worse apparently - that appears to include Ivy Bridge as used in 2012 Retina MacBook Pros, 2012 Mac Minis, and even - I think - the 2013 nMP.

Another reason for Apple to quietly retire the nMP as soon as possible because future benchmarks could potentially not look good for it. Good thing they already released something in 10.13.2 and have more fixes coming in 10.13.3.

Didn't see any performance drop on my Macs.

My MBP and Mac Mini are both 2012 models.
 

bbfc

macrumors 68040
Oct 22, 2011
3,180
732
Newcastle, England.
In my opinion Apple is having some issue with transparency. Why not addressing fixes like this or actions like the battery management more openly? Many things might be good decisions or actions from a content perspective, but not well explained in the first place.
I don't believe they could talk about this issue as its under an NDA.

What I find even more less-transparent, is the fact that this issue is not mentioned on the Intel website, or if it is its buried deep. This should be the first thing you see! Not mentioned on any of their social media accounts too!
 

Mascots

macrumors 68000
Sep 5, 2009
1,613
1,312
Ah how nice to hear Apple is ahead of this one. Would be refreshing if this was a turn around of a pretty rocky 2017 as far as software hardness goes.
 

Mike MA

macrumors 68020
Sep 21, 2012
2,046
1,679
I don't believe they could talk about this issue as its under an NDA.

We‘re on the same page here. I also emphasized the need on many of the decisions taken. Yet, some explanations could avoid a lot of discussions or controversy.
 

Darmok N Jalad

macrumors 68030
Sep 26, 2017
2,873
12,366
Tanagra (not really)
I’m also curious how this affects Sierra. I’m currently on it to dual boot Windows with a non-EFI card, but I may just ditch the Windows partition for this one or try the HS upgrade without the APFS conversion.
 
  • Like
Reactions: RandomDSdevel

juanmj93

macrumors newbie
Jan 3, 2018
10
7
Just saw some Linux benchmarks and some workloads that make lots of syscalls such as virtualization and compiling take a huge hit, while things like gaming are seemingly unaffected, I haven't felt any difference in my Macs, But I guess comprehensive benchmarking needs to be done given that it affects differently older processor families like Sandy and Ivy Bridge.
 
  • Like
Reactions: IG88 and discuit
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.