Apple already fixed Intel's massive chip flaw in macOS update

Authored by cultofmac.com and submitted by tamag901

The critical design flaw discovered in the way Intel CPUs process information has reportedly already been fixed by Apple in a recent release of macOS.

Apple’s fix came out at the beginning of December with the release of macOS 10.13.2. But according to one developer, the company has a few additional patches for Intel’s blunder in a current beta build.

The flaw can be found in all Intel chips made in the last 10 years. It allows desktop programs to read parts of a computer’s protected kernel memory. This potentially gives malicious apps and attackers access to passwords, login info and other personal information.

Developer Alex Ionescu posted on Twitter that Apple included a fix for the flaw in macOS 10.13.2. Another report from AppleInsider echoes Ionescu’s claim, citing other sources that say most of the damage has already been mitigated.

The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 — and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you). cc @i0n1c @s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63 — Alex Ionescu (@aionescu) January 3, 2018

Intel issued a statement today saying that the exploits aren’t limited to Intel chips — lots of other manufacturers’ silicon suffers from the same issue.

“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”

Some early reports estimated that fixing the flaw will cause Windows and Linux machines to see performance slowdowns of up to 30 percent. Intel says the performance impact shouldn’t be major, though.

workingonbeingbetter on January 4th, 2018 at 14:16 UTC »

Here are the abstracts for the technically inclined:

Meltdown Abstract

The security of computer systems fundamentally relies on memory isolation, e.g., kernel address ranges are marked as non-accessible and are protected from user access. In this paper, we present Meltdown. Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords. Out-of-order execution is an indispensable performance feature and present in a wide range of modern processors. The attack is independent of the operating system, and it does not rely on any software vulnerabilities. Meltdown breaks all security assumptions given by address space isolation as well as paravirtualized environments and, thus, every security mechanism building upon this foundation. On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer. We show that the KAISER defense mechanism for KASLR [8] has the important (but inadvertent) side effect of impeding Meltdown. We stress that KAISER must be deployed immediately to prevent large-scale exploitation of this severe information leakage.

Spectre Abstract

Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim’s memory and registers, and can perform operations with measurable side effects.

Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim’s process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, static analysis, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing/side-channel attacks. These attacks represent a serious threat to actual systems, since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices.

While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak.

Basically, Meltdown is easier to exploit than Spectre, but it has already been patched. The Meltdown patch slows down some processing because it increases security in the kernel-to-user and user-to-kernel transitions, but most people who don't use super-heavy RAM applications, major database applications, and high-performance computing applications won't notice a difference. Spectre, in my opinion, is going to be much more difficult to patch (if that's even possible without a hardware switch out), but less of an issue because the side attacks needed to exploit this fault are much more difficult to accomplish. I don't think most people will have an issue with Spectre for this reason. The people who do need to take precautions on Spectre are system administrators who deal with system-wide applications that use common application pools. However, I'm relatively confident that randomization protocols can be implemented to alleviate these issues too. So all in all, I don't think these bugs are things that will affect most people and I don't think they are things most people need to worry about.

ljod on January 4th, 2018 at 13:52 UTC »

Is it only available for High Sierra? I'm using Sierra.

mixvio on January 4th, 2018 at 11:42 UTC »

One of them. Spectre hasn't been patched.