Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Intel Says New Software Updates Make Computers 'Immune' to Meltdown and Spectre Vulnerabilities
- Thread starter MacRumors
- Start date
- Sort by reaction score
Well, maybe the people at Intel (and other companies like Apple) are sleeping a little easier tonight than we thought.
They were probably never that worried. Although the CEO is going to need to answer some questions about selling some shares in October, despite it being scheduled.
Bad look and I like him.
I saw some sysadmin saying the servers were 60% loaded before and now they are stressed, for example.
For the Pentium laptop, it was barely usable before and now it seems it needs to be replaced.
Still not clear to me that there are any legally cognizable damages there. Maybe. But unless there was some other machine they could have bought that didn't have the problem, hard to argue that they actually lost anything. Maybe they have an argument under some sort of false advertising theory if they were promised some specific performance, or perhaps they can argue they would have bought a higher-end CPU if only they had known or something.
Given the nature of the exploit, I don't think that anyone can make Intel responsible here. Especially for the Meltdown attack pattern — the OS writers are probably more negligent here, since the attack relies on kernel addresses being mapped in application space.
One could of course blame Intel for not doing anything to address cache side-channel attacks despite these being known since at least 6-7 years. However, these attacks exploit the very way how modern CPUs work. The only sure way to prevent these attacks is to by removing performance-oriented features of the CPUs.
Trying to put things into perspective.
More than half a year ago, a team of researchers reported the Meltdown and Spectre design flaws to Intel, Kocher P. et al. reported in their paper that a permanent fix for Spectre was not possible for the current microprocessor design. Intel had roughly 1/2 a year of ample time to come up with "temporary solutions" to their problems - until January 3. 2018, the date the public was informed about the issues. Three days later Intel say abracadabra we have a fix that makes our hardware "immune" to potential attacks.
Smells very fishy to me; Dear Intel, I'm not buying it.
More than half a year ago, a team of researchers reported the Meltdown and Spectre design flaws to Intel, Kocher P. et al. reported in their paper that a permanent fix for Spectre was not possible for the current microprocessor design. Intel had roughly 1/2 a year of ample time to come up with "temporary solutions" to their problems - until January 3. 2018, the date the public was informed about the issues. Three days later Intel say abracadabra we have a fix that makes our hardware "immune" to potential attacks.
Smells very fishy to me; Dear Intel, I'm not buying it.
Source of a documented slow down as a direct result of patching?
[doublepost=1515152963][/doublepost]
When did the user notice the “slowdown”. What OS? What model intel? Provide some tangible info.
"Intel today also reiterated that the updates that are being released for Mac, PC, and Linux machines should not significantly impact day to day usage and should, for the most part, be unnoticeable."
ok, so Windows users get all the speed, while Mac users get a slowdown. That doesn't seem fair.
ok, so Windows users get all the speed, while Mac users get a slowdown. That doesn't seem fair.
It is at the end of the PDF released by Google going over the issues. I don't want to link it directly to avoid someone maybe harming their system.
"Intel today also reiterated that the updates that are being released for Mac, PC, and Linux machines should not significantly impact day to day usage and should, for the most part, be unnoticeable. That seems to be true of the macOS High Sierra 10.13.2 update, as there have been no reports of slowdowns from Mac users."
At least not on High Sierra, there is no slow down. Although, not everyone is on High Sierra.
Just google around, sample code is freely available. Its also in the published paper.
[doublepost=1515162709][/doublepost]
You can't harm your system with that. These exploits are merely spies, they can't in any way affect the data.
Funny to see an advertisement on MR home page for HP Spectre laptop while reading about the Spectre exploit. I am guessing that HP is already discussing retirement of that series.lol
Ah kocher. He sued visa international for patent infringement when he discovered differential power attacks and he patented some defenses against them.
https://support.apple.com/en-us/HT208394
[doublepost=1515170933][/doublepost]
The initial disclosure in June did not contain Meltdown, but only Spectre. Meltdown was later reported late July.
They actually added CVE-2017-5754 to that page yesterday (1/4).
[doublepost=1515172582][/doublepost]
Do simple google searches. Look at all of the people who are finding their AWS performance is going to **** as Amazon patches their servers.
One example: https://www.neowin.net/news/amazon-aws-customers-see-slowdown-after-meltdown-patch
Another: https://news.ycombinator.com/item?id=16064611
Another: https://www.theregister.co.uk/2018/01/04/amazon_ec2_intel_meltdown_performance_hit/
Another: https://forums.aws.amazon.com/thread.jspa?threadID=269858
I personally know sysadmins scrambling because of the performance hits on AWS. They're having to explain to customers why the performance sucks right now and that they are trying to resolve it.
Honestly it’s just the “fear.” I passed the 2013 MBP to my mother when I got a 2016 MBP. She’s not technologically advanced I’m not sure how much she’ll have to learn new. Kind of an irrational fear.
I think is clear enough, also they are not going to give more info because there is really nothing you can do, my best guess is that apple think or believe that you don't need to know the technical aspects, in their mind all you have to do is install there latest patches when they come out, but they telling you how the attack works or giving extra info will make things worse because then they also be telling the hackers how is done or what to look for etc.
Oh, that's what you meant. I saw the code in the paper but thought you were referring to something else. Thanks, I'll try it out.
Intel today announced that the firmware updates and software patches that are being released for its CPUs render Intel-based computer systems "immune" to both the Spectre and Meltdown exploits that were widely publicized this week.Intel says updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched.
For Mac users, Apple has already addressed some of the vulnerabilities in the macOS High Sierra 10.13.2 update, and further updates will come in macOS High Sierra 10.13.3. To make sure you're protected as a Mac user, install all of the latest operating system updates and firmware patches. As always, it's also worth avoiding suspicious programs, websites, and links.
Intel today also reiterated that the updates that are being released for Mac, PC, and Linux machines should not significantly impact day to day usage and should, for the most part, be unnoticeable. That seems to be true of the macOS High Sierra 10.13.2 update, as there have been no reports of slowdowns from Mac users.While hints of an Intel CPU design flaw and security vulnerability surfaced on Tuesday, it wasn't until Wednesday that full details were shared on the Meltdown and Spectre exploits, which take advantage of the speculative execution mechanism of a CPU.
Meltdown impacts Intel CPUs, allowing a malicious program to access data from the memory of running apps, providing passwords, emails, documents, photos, and more. Meltdown can be exploited to read the entire physical memory of a target machine, and it can be done through something as simple as a website. The vulnerability is particularly problematic for cloud-based services.
Spectre, which breaks the isolation between different applications, is a wider hardware-based problem impacting all modern Intel, ARM, and AMD processors. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.
While patches are going out that appear to prevent the current known Meltdown and Spectre exploits, these speculative execution vulnerabilities will continue to be a problem for years to come, according to security researchers. Similar vulnerabilities will surface, and while performance impacts from software-based workarounds are minor, they're still present.
Paul Kocher, one of the security researchers who helped discover the flaws, told The New York Times that this will be a "festering problem over hardware life cycles." "It's not going to change tomorrow or the day after," he said. "It's going to take awhile."
Article Link: Intel Says New Software Updates Make Computers 'Immune' to Meltdown and Spectre Vulnerabilities
I would think there would be a lot more people upset with Intel over the chip issue than Apple with the battery thing.
High Sierra was a dumpster fire for awhile. On my brand new MBP it had graphic glitches (image persistence, etc.), login issues, SMB problems, iCloud difficulties, etc.
The most recent version seems not much worse than Sierra, though, so it’s probably reasonably safe to upgrade now for most people. I do wish that if Apple is going to take an entire release cycle or two and add essentially no new features, that the end result is a faster, more bug free OS and not the mess that is High Sierra. Not at all clear what benefits High Sierra gives to any customer, except for a few updates to Photos (which I don’t even use).
I'll pass on being blamed for crashing someone's system or a process. I've been blamed for plenty of things in cases like this.
That’s another reason why I haven’t updated. Not like I’ll downgrade if I don’t like the new OS.