Intel Memory Access Design Flaw Partially Addressed by Apple in macOS 10.13.2 [Unconfirmed] (macrumors.com)

← Back to Stories (view on slashdot.org)

Intel Memory Access Design Flaw Partially Addressed by Apple in macOS 10.13.2 [Unconfirmed] (macrumors.com)

Posted by msmash on Thursday January 4, 2018 @04:00AM from the racing-to-fix-things dept.

An anonymous reader shares a report: A serious design flaw and security vulnerability discovered in Intel CPUs has reportedly already been partially addressed by Apple in the recent macOS 10.13.2 update, which was released to the public on December 6. According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability. A Bloomberg reporter pointed out that Apple has not officially commented on the story.

49 comments

Min score:

Reason:

Sort:

Fingers crossed for Sierra by meist3r · 2018-01-04 04:04 · Score: 0

I hope they will fix this in 10.12.x too. I'd get my passwords tattooed on my forehead before I try using High Sierra again.
1. Re:Fingers crossed for Sierra by Kenja · 2018-01-04 04:07 · Score: 1
  
  Was initially fixed in 10.12.3, 10.13.2 is an update to the existing fix.
  
  --
  
  "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
2. Re: Fingers crossed for Sierra by Anonymous Coward · 2018-01-04 04:19 · Score: 0
  
  >tattooing password
  >High Sierra
  Don't worry, it's the empty string anyway.
3. Re:Fingers crossed for Sierra by nnull · 2018-01-04 05:06 · Score: 1
  
  Still waiting for other linux distributions to issue a patch. As of this moment, Arch latest is still 4.14.11-1 and is still not patched from the looks of it?
  
  https://security.archlinux.org...
4. Re:Fingers crossed for Sierra by Kiwikwi · 2018-01-04 05:09 · Score: 1
  
  Was initially fixed in 10.12.3, 10.13.2 is an update to the existing fix.
  Where are you seeing this? All I see are reports that 10.12 has NOT been fixed.
5. Re:Fingers crossed for Sierra by DesertNomad · 2018-01-04 06:05 · Score: 1
  
  I'd get my passwords tattooed on my forehead before I try using High Sierra again.
  I hope on the inside...
6. Re: Fingers crossed for Sierra by Anonymous Coward · 2018-01-04 06:33 · Score: 0
  
  4.14.11 includes the fuckwit fix. Grep bugs from /proc/cpuinfo or isolation from boot messages. Still waiting for Debian.
7. Re:Fingers crossed for Sierra by 93+Escort+Wagon · 2018-01-04 07:00 · Score: 1
  
  Given they consistently post security fixes for the three most recent versions of the OS, I would expect this was included in the December 6 security updates for El Capitan and Sierra as well.
  It's not like Apple actually makes any noise regarding the updates for its older OSes... they just show up in the App Store, and you have to go look at the relevant knowledge base article to learn anything. And given that this purported fix is "someone said this", it's not surprising that 10.11 and 10.12 weren't mentioned.
  
  --
  #DeleteChrome
8. Re: Fingers crossed for Sierra by sa666_666 · 2018-01-04 09:11 · Score: 1
  
  But 4.14.11 doesn't include the fix that disables slowing down AMD processors. That one has been committed for 4.15, but there should also be a 4.14.12 to fix it there too.
9. Re: Fingers crossed for Sierra by Anonymous Coward · 2018-01-04 11:10 · Score: 0
  
  True but I heard Arch included the AMD patch to 1.14.11-1.
10. Re:Fingers crossed for Sierra by 93+Escort+Wagon · 2018-01-05 05:34 · Score: 1
  
  Following up...
  Apple updated the page describing last month's security patches to explicitly state the same kernel fixes were put in place for High Sierra, Sierra, and El Capitan.
  
  --
  #DeleteChrome
11. Re:Fingers crossed for Sierra by 93+Escort+Wagon · 2018-01-05 08:02 · Score: 1
  
  ...and they updated the document AGAIN today, and removed the references to Sierra and El Capitan. So, at the moment, those are apparently not patched after all.
  
  --
  #DeleteChrome
Throttle CPU by Anonymous Coward · 2018-01-04 04:07 · Score: -1, Flamebait

I'm sure they'll also throttle the CPU so you can buy a new Mac as well.
1. Re: Throttle CPU by Anonymous Coward · 2018-01-04 04:09 · Score: -1
  
  There are thousands of dormant accounts with modpoints just matured waiting for you to log in. Stupid AC.
2. Re:Throttle CPU by Anonymous Coward · 2018-01-04 04:18 · Score: -1
  
  Or you can pay $29 for a new battery; your choice.
3. Re:Throttle CPU by Bing+Tsher+E · 2018-01-04 04:28 · Score: 0
  
  They will wait until after the Christmas Shopping Season to tell you about the $29 option.
  "Your phone is SLOW. You should buy a NEW phone."
4. Re:Throttle CPU by Hal_Porter · 2018-01-04 05:31 · Score: 5, Informative
  
  Funny thing is that this bug is almost an example of Intel throttling old hardware. The KPTI fix is apparently less of a performance hit if you have a new Intel CPU with PCIDs
  https://www.theregister.co.uk/...
  
  Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features - such as PCID - to reduce the performance hit. Your mileage may vary.
  PCID - Process Context ID - means you can tag the TLB entries with a 11 bit process ID.
  http://forum.osdev.org/viewtop...
  
  Also, the Intel manual says bit 0-11 of CR3 is used as the PCID. Does it somehow related to the usual process id user mode code see? If yes, does it mean it imposes a limit on the # of user processes (4096) allowed ?
  Which means you don't need to flush the whole TLB - you just invalidate the ones which belong to a process you're switching away from
  http://linuxeco.com/?p=488
  
  A PCID is a 12-bit identifier, and may be thought of as a "Process-ID" for TLBs. If CR4.PCIDE = 0 (but 17 of CR4), the current PCID is always 000H; otherwise, the current PCID is the value of bits 11:0 of CR3. Non-zero PCIDs are enabled by setting the PCIDE flag (bit 17 of CR4).
  When a logical processor creates entries in the TLBs (Section 4.10.2 of the x86 prog reference manual) and paging structure caches (Section 4.10.3), it associates those entries with the current PCID (Oh ... such a loose association of PCID with PID). Note that this means that where the PGD is located is somehow being interpreted in the PID "process context". When using entries in the TLBs and paging-structure caches to translate a linear address, a logical processor uses only those entries associated with the current PCID, and hence flushes of the TLB are avoided.
  Presumably you could have on PCID value for the kernel and the other 4095 for tasks and not need to go a TLB flush when switching until the PCID value wrapped.
  Of course that means you need a sufficiently recent Intel CPU.
  https://software.intel.com/sit...
  
  FMA, AVX2, BMI1, BMI2, INVPCID, LZCNT, TSX - Haswell and later
  I.e. you need a Haswell 4xxx processor or later
  https://en.wikipedia.org/wiki/...
  At least for the Linux KPTI fix it seems like it does support PCID
  https://lwn.net/Articles/74060...
  
  - Integrated all fixes and Peters rewrite of the PCID/TLB flush code.
  So does the macOS fix
  https://www.macrumors.com/2018...
  
  Ionescu also says that performance drop on a system with PCID (Process-Context Identifiers), available on most modern Macs, is "minimal," so most users may not see an impact on day-to-day Mac usage.
  Of course if you have an 2012 Macbook Pro you've got an i5-3210M so you don't have PCID so you'll either have an insecure machine or a performance hit.
  Interesting thing is if there was a class action lawsuit, I wonder if you could get Intel to give you a new CPU with PCID to minimise the impact of the bug fix.
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
5. Re:Throttle CPU by TheFakeTimCook · 2018-01-04 07:48 · Score: 1
  
  They will wait until after the Christmas Shopping Season to tell you about the $29 option.
  "Your phone is SLOW. You should buy a NEW phone."
  How long is THIS (incorrect) meme going to rattle-around Slashdot?
6. Re: Throttle CPU by HumanEmulator · 2018-01-04 10:22 · Score: 0
  
  Honest question: What is incorrect about this? Apple has admitted that they slow down phones with bad batteries (which would include the iPhone 6s that *shipped* with bad batteries.) When asked about a slow phone, Apple Store employees do suggest buying a new one.
7. Re: Throttle CPU by TheFakeTimCook · 2018-01-04 22:54 · Score: 1
  
  Honest question: What is incorrect about this? Apple has admitted that they slow down phones with bad batteries (which would include the iPhone 6s that *shipped* with bad batteries.) When asked about a slow phone, Apple Store employees do suggest buying a new one.
  But, again honestly:
  1. Did Apple KNOW that the 6s "Shipped with bad batteries", and if so, when? EVERYONE has supplier-issues once in awhile (See, Samsung Note 7). It's how you RESPOND to those issues that is important.
  2. Is the Apple Store employees' suggestion a Company Policy; or just some overly gung-ho salespeople who didn't have any special knowledge of the battery-saving software, either? I would bet nearly my last dollar that Apple didn't TELL their store employees to "suggest buying a new one."
8. Re: Throttle CPU by Bing+Tsher+E · 2018-01-06 17:41 · Score: 1
  
  Apple told the employee: "Your numbers aren't looking so good. You better sell more or we'll have to let you go."
  There was no 'nudge nudge, wink wink' either. There didn't need to be one.
9. Re: Throttle CPU by TheFakeTimCook · 2018-01-06 21:34 · Score: 1
  
  Apple told the employee: "Your numbers aren't looking so good. You better sell more or we'll have to let you go."
  There was no 'nudge nudge, wink wink' either. There didn't need to be one.
  Prove it.
10. Re: Throttle CPU by Bing+Tsher+E · 2018-01-07 05:49 · Score: 1
  
  Mister Literal presents his fuckhead defense of Apple.
  No, not interested in proving anything to you. You're just somebody here to toy with, because you're a religious cult member. Nerds like to make fun of people like that.
  Carry on, moonie.
11. Re: Throttle CPU by TheFakeTimCook · 2018-01-08 04:11 · Score: 1
  
  Mister Literal presents his fuckhead defense of Apple.
  No, not interested in proving anything to you. You're just somebody here to toy with, because you're a religious cult member. Nerds like to make fun of people like that.
  Carry on, moonie.
  Well alrighty, then!
  I guess we're done here...
KPTI isn't the "vulnerability" by Anonymous Coward · 2018-01-04 04:07 · Score: 1

So this article is pretty wrong. First of all, KPTI -- kernel page table isolation -- isn't a vulnerability, it's a security framework that prevents meltdown (and more importantly a bunch of other potential attacks) from being effective.
Oh no. by U8MyData · 2018-01-04 04:13 · Score: 0

And Intel can't seem to get stuff right, P90 bug anyone. What happens when they go AI or deep learning and have similar issues? No one is perfect but I am certainly a bit concerned.
1. Re:Oh no. by ceoyoyo · 2018-01-04 04:41 · Score: 3, Insightful
  
  If your AI can't figure out it's way around silly processor errors you've got a problem. Deep learning likes noise. You add extra, on purpose.
  Regular algorithms are fragile and usually don't work if the numbers don't add up. But be fair: Intel has had two real bugs that I remember, in the last... forty years? Outside of those two, I doubt anyone has even contemplated the need to patch their processor. Not many projects in the computer business can say that.
2. Re:Oh no. by Anonymous Coward · 2018-01-04 05:18 · Score: 1
  
  "Outside of those two" - Which rock are you hiding under? You should look at the processor errata sheets. Then you'll wonder how your computer ever works right. Many computer crashes and hangups are actually due to processor bugs.
3. Re:Oh no. by BitZtream · 2018-01-04 08:14 · Score: -1
  
  Ignorance abounds here.
  Show me an OS that doesnt apply microcode fixes to the CPU at boot time.
  Then go read the processor errata documents, which document the many many known bugs in the CPU.
  You dont think about it because you arent aware its happening, but ut happens everytime you start. Windows, Linux, OSX, the BSDs ... they all do it on every single boot
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
4. Re:Oh no. by Anonymous Coward · 2018-01-04 14:06 · Score: 0
  
  It's bitztream the autism-hating, custom EpiPen-hating, Musk-hating, Qualcomm-hating, Firefox tabs-hating, Slashdot editors-hating Slashdot troll!
Meanwhile... by Anonymous Coward · 2018-01-04 04:17 · Score: 0

Android shitphones will have to be tossed in the garbage because we all know those pieces of waste will never be patched! (Yes, Spectre affects ARM)
"most" by xxxJonBoyxxx · 2018-01-04 04:19 · Score: 1

Like we've already addressed most vulnerabilities ever discovered? (It's the new, unaddressed ones that bite you.)
no thanks (sarcsasm) by supernova87a · 2018-01-04 04:22 · Score: 3, Funny

This is outrageous that Apple is rolling out some software update to "help" our processors function better without asking us! I demand to be asked whether I want this software fix to be implemented, because it makes my processor work slower! Apple sucks and don't get me started on batteries.
Doubly impacted by SuperKendall · 2018-01-04 04:22 · Score: 1

Although your post is a throwaway joke, it actually hits on a real issue for Android. Not only do Android devices generally have a harder time getting patches, Android itself is way more open to applications having background tasks running... which is important for actually taking advantage of a Spectre exploit. On iOS apps running background tasks are much more limited in duration and ability, and so have much less of a chance to have a meaningful attack on other apps running simultaneously.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:Doubly impacted by NicknameUnavailable · 2018-01-04 04:38 · Score: 1
  
  Doesn't Spectre impact Intel+AMD+ARM?
2. Re:Doubly impacted by SuperKendall · 2018-01-04 05:24 · Score: 2
  
  It impacts everything, yes, but key to Spectre doing anything useful is that you have two applications running at once. So on a desktop or on servers Spectre is still a big deal, but on mobile devices it's more limited since mostly you are running one application at a time and other applications are offloaded. The more that is true the safer you are, and in IOS applications are generally offloaded sooner and not running processes in the background for an attacker to collect data from.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
3. Re:Doubly impacted by charliemerritt03 · 2018-01-04 05:53 · Score: 1
  
  I read that PowerPC is also effected. Can anyone explain what SPECTRE is? Seems strange that almost all PC chips have this flaw - the paranoid in me asks: Management Engine?
4. Re:Doubly impacted by NicknameUnavailable · 2018-01-04 10:08 · Score: 1
  
  It's a way of optimizing things by sharing memory in a way that puts security expectations in the software which were never implemented (from my understanding of it thus far.) It seems like the chip architecture equivalent of locking down user data based on calculated permissions for users logged into a website, as opposed to encrypting each user's data and ensuring only their key can decrypt it - except for what memory things have access to instead of what data is actually feasible to obtain. That may be way off though, I've only been getting information on it from headlines and secondary definitions, not whitepapers or anything.
5. Re: Doubly impacted by HumanEmulator · 2018-01-04 10:31 · Score: 1
  
  Imagine you're having a conversation with someone who likes make the converstion go fast by finishing other people's sentences for them. When they're about to say something that's classified, they stop themselves before saying something they shouldn't. Researchers figured out that if you ask them what they were just thinking about, they will actually tell you.
Options exist to live dangerously by sethstorm · 2018-01-04 04:25 · Score: -1

Linux does offer the option to disable, whether by boot loader or by manually patching out the flag.

--
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
In other unconfirmed news... by Anonymous Coward · 2018-01-04 04:46 · Score: 0

God may exist. Or he may not. Or she may have gotten a sex change. If she exists.
so... by buddyglass · 2018-01-04 04:55 · Score: 1

Should we expect a corresponding performance hit?
According to Ars, Spectre is âoeUnfixable by Anonymous Coward · 2018-01-04 05:54 · Score: 0

SOL
Thankfully PCID has around for a while... by SuperKendall · 2018-01-04 06:05 · Score: 3, Informative

I was thinking only the very most recent processors had PCID, but looking at my 2013 MacBook Pro, even that has PCID (Intel Core I7). So at least from the i7 on it seems like systems may not be too affected, probably most developers have at least an i7 in current systems.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:Thankfully PCID has around for a while... by Anonymous Coward · 2018-01-04 08:51 · Score: 0
  
  I have a i3-2370M and it supports PCID.
Wording! by Anonymous Coward · 2018-01-04 06:07 · Score: 0

Love the wording:
This: "addresses design flaw" (but it's only rumoured, how is there no official patch note?!?)
Corresponding windows: "patches bug" (again, Windows is "buggy" lol)
Nice
"Partially" by Anonymous Coward · 2018-01-04 06:30 · Score: 0

So your system is partially secure?
Is your wife partially pregnant?
Apple users are terminally stupid egomaniacs.
So by BitztreamNotARealNam · 2018-01-04 16:33 · Score: 1

How's life in the hypocrite lane?
Official Statement by jeremyp · 2018-01-04 17:08 · Score: 1

Apple have now commented on the issue.
https://support.apple.com/en-u...

--
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe