Intel chip kernel flaw requires OS-level fix that could impact macOS performance, report s...

Posted:
in Current Mac Hardware
A newly discovered silicon-level flaw in Intel's chip designs is forcing operating system manufacturers to update kernels and other software components to rectify the issue, changes that will reportedly result in performance slowdowns of up to 30 percent.




According to a report from The Register, the security flaw grants user applications a certain level of access to protected kernel memory data, which can include everything from passwords to application keys and file caches.

While details surrounding the bug are being kept under wraps until fixes are issued for major operating systems like Microsoft's Windows and the open-source Linux, the vulnerability is present in Intel x86 hardware produced during the past decade. That includes processors in past and current Macs.

Importantly, Intel is unable to close the hole with a firmware update, leaving operating system manufacturers like Microsoft and Apple to push out fixes on their end. Alternatively, users can purchase a new processor that does not contain the fault.

Microsoft is reportedly preparing to release fixes for Windows in an upcoming Patch Tuesday release, with the update due to arrive as early as next week. Recent patches to Linux's kernel virtual memory system yield clues as to what is amiss, and what remedies developers plan to implement in the coming days.

Linux programmers have elected to completely separate a system's kernel memory from system processes using Kernel Page Table Isolation (KPTI). KPTI patches move the kernel from virtual memory address spaces into its own distinct address space.

The drastic measure suggests Intel's silicon contains a fundamental flaw that could allow user programs to usurp kernel protections. Exactly how the built-in security protocols can be bypassed, or by what mechanism the kernel is being made available to user programs, is unknown.

Separating the kernel into its own address space comes at a hefty premium on operating performance, with current benchmarks showing a five to 30 percent slowdown depending on task and CPU model, the report said.

Aside from Microsoft's Windows and Linux, 64-bit versions of Apple's macOS are also open to the vulnerability. Beyond personal computers, some believe cloud services like Amazon EC2, Microsoft Azure and Google Compute Engine are impacted by the bug and will need to be updated.
«1345

Comments

  • Reply 1 of 90
    foggyhillfoggyhill Posts: 4,767member
    In a just world this truly horrendous issue should crash Intel's stock, but probably won't, only Apple seemingly gets any scrutiny for anything even when it is trivial.
    welshdogStrangeDayscornchipracerhomie3bb-15pscooter63wlymchiamwhitearthurba
  • Reply 2 of 90
    SoliSoli Posts: 10,035member
    If a OS-level patch can "fix" a security flaw built into CPU HW then a OS-level SW hack may be be able to exploit it.
    edited January 2018 netroxwelshdogcornchippscooter63chiaiqatedodoozydozenjony0
  • Reply 3 of 90
    welshdogwelshdog Posts: 1,897member
    This seems like exceptionally bad news - for everyone. Just knowing this flaw exists, even without details, means the bad actors of the world will be working overtime to find an exploit.  And then they'll work to find an exploit to the fix.  This has got to be Intel's biggest screwup ever.  It would be nice to get some info eventually on what chips/machines are affected and by how much.  
    cornchiparthurbastanthemanhodarMuntzrandominternetpersonwatto_cobradoozydozenjony0
  • Reply 4 of 90
    rob53rob53 Posts: 3,241member
    If Intel has or can fix this HW issue then I will demand a replacement Mac for every Mac I own. Software won’t fix a HW issue that a hack can’t exploit. I see a class action lawsuit against Intel not Apple. 
    cornchiptenchi211Scot1mwhitearthurbastanthemanhodarjbdragonphilboogiewatto_cobra
  • Reply 5 of 90
    netroxnetrox Posts: 1,415member
    does anyone remember the intel division bug?
    zroger73
  • Reply 6 of 90
    SoliSoli Posts: 10,035member
    rob53 said:
    I see a class action lawsuit against Intel not Apple. 
    What are the odds that Apple is named as being culpable in at least one of these class actions? After all, we're talking about doing an OS-level patch to fix a HW issue from a vendor years after products were released which will result in slower maximum system performance, and yet Apple is still being sued for keeping their iPhones running.
    edited January 2018 cornchiparthurbamacxpresswatto_cobrajony0
  • Reply 7 of 90
    cornchipcornchip Posts: 1,945member
    WTF???

    sounds ridiculously bad.

    doubt there will ever be a HW remedy for my ‘09 tower...
    edited January 2018 welshdogphilboogiewatto_cobra
  • Reply 8 of 90
    SoliSoli Posts: 10,035member
    netrox said:
    does anyone remember the intel division bug?
    Yes.

    https://en.wikipedia.org/wiki/Pentium_FDIV_bug


    1994 :: "The man who found the bug points out that since it went unnoticed for a year in a popular product, that likely indicates that the bug was less harmful than IBM suggested."

    2018 :: "Being discovered many years later clearly indicates that the sky is falling, human sacrifice, dogs and cats living together, mass hysteria… and Apple should be sued for it."
    dewmenetroxpscooter63bestkeptsecretchiamwhitephilboogiewatto_cobradoozydozenh2p
  • Reply 9 of 90
    jd_in_sbjd_in_sb Posts: 1,600member
    The 30% performance hit could trigger a wave of lawsuits. 
    arthurbastanthemanjbdragon
  • Reply 10 of 90
    davendaven Posts: 696member
    netrox said:
    does anyone remember the intel division bug?
    I do. I had a CPU with it and Intel send me a replacement chip. Back then it was easy to fix on my PC. Open the case. Move the lever that held the heat sink to the CPU, remove the heat sink, lift out the CPU, orient the new CPU properly and insert, put the heat sink on, tighten with the lever. Done.
    netroxarthurbaHabi_tweethodarzroger73brian greenphilboogie
  • Reply 11 of 90
    anomeanome Posts: 1,533member
    My first reaction is “Intel have a bug on a mass produced chip? This is news?”
    foggyhill said:
    In a just world this truly horrendous issue should crash Intel's stock, but probably won't, only Apple seemingly gets any scrutiny for anything even when it is trivial.
    Intel are too important, they’ll get propped up by their customers. Really makes you wish there was credible competition for processors like there used to be.

    I still don’t think Apple are ready to go with ARM for the desktop, but I bet the custom silicon lobby inside the company are using this to press their case.
    welshdogarthurbahodarMuntzbrian greenphilboogiewatto_cobra
  • Reply 12 of 90
    k2kwk2kw Posts: 2,075member
    It should be time for an A series based MacBook Air or an iOS laptop?
    mcdave
  • Reply 13 of 90
    sflocalsflocal Posts: 6,092member
    And Intel put another nail in its own coffin as far as Apple is concerned.  This probably has the folks in Cupertino working like crazy to replace the x86 chip with their own.

    i remember the division flaw back in the 90’s.  I recall Intel offering to replace CPU’s if they were being used for “scientific” purposes and precision was an absolute.  Everyone else for the most part was stuck with a defective chip, truth be told the bug didn’t affect most regular users but still.

    If this is as bad as they say, I demand that Apple replace the CPU in my 2015 5K iMac and my new MBP on Intel’s dime.


    arthurbazroger73brian green
  • Reply 14 of 90
    frank777frank777 Posts: 5,839member
    This isn't an argument for Apple chips over Intel chips. Hardware security issues can crop up regardless of builder.

    This is an argument for not soldering in CPUs.
    welshdogcecil444retrogustochiaScot1asdasdarthurbahodarzroger73iqatedo
  • Reply 15 of 90
    SoliSoli Posts: 10,035member
    frank777 said:
    This isn't an argument for Apple chips over Intel chips. Hardware security issues can crop up regardless of builder.

    This is an argument for not soldering in CPUs.
    Can you imagine someone advocating for CPUs in iDevices to be socketed? I can't.

    What about other Apple designed chips? If a design flaw can be discovered in an A-series chip, which is the argument for making it socketed, then one would have to extend that to all other Apple chip designs, like the T-series, where a security flaw can have some very bad ramifications since it's used to hold the most sensitive data in an Apple device even when powered off. But I have to question whether a socketed T-series chip designed around security would be a good idea from a security standpoint, which then follows back up to other Apple chips.
    edited January 2018 chiaarthurbadoozydozen
  • Reply 16 of 90
    clexmanclexman Posts: 208member
    k2kw said:
    It should be time for an A series based MacBook Air or an iOS laptop?
    Then a 30% slowdown on older hardware will be call a, "Feature," and not a bug.
  • Reply 17 of 90
    rob53 said:
    If Intel has or can fix this HW issue then I will demand a replacement Mac for every Mac I own. Software won’t fix a HW issue that a hack can’t exploit. I see a class action lawsuit against Intel not Apple. 
    I would think that Mac users, if they sue anyone, would have to sue Apple. Then it would be up to Apple to sue or settle with Intel so they are reimbursed for the costs.
    Soliarthurba
  • Reply 18 of 90
    netroxnetrox Posts: 1,415member
    Actually, we should sue Apple as well, think of it - by sueing Apple (and every other PC company), we can force their devices to be more modular and more accessible for upgrades/exchanges. There is really no reason to soldier everything on a logic board considering that it can be expensive if they are forced to replace all logic boards with soldiered cpu's/ram. The components keep getting smaller and thinner yet they can easily be socketed. I cannot think of a reason why it should be soldered. 
    xzuScot1
  • Reply 19 of 90
    MplsPMplsP Posts: 3,911member
    clexman said:
    k2kw said:
    It should be time for an A series based MacBook Air or an iOS laptop?
    Then a 30% slowdown on older hardware will be call a, "Feature," and not a bug.
    Well actually, yeah. The OS feature causes a 30% slowdown but also fixes/patches the hardware bug. 
    racerhomie3asdasd
  • Reply 20 of 90
    dewmedewme Posts: 5,332member
    welshdog said:
    This seems like exceptionally bad news - for everyone. Just knowing this flaw exists, even without details, means the bad actors of the world will be working overtime to find an exploit.  And then they'll work to find an exploit to the fix.  This has got to be Intel's biggest screwup ever.  It would be nice to get some info eventually on what chips/machines are affected and by how much.  
    Yeah this is bad news like every one of the many thousands of major security issues that exist in all manner of products. Biggest screwup ever? Biggest this week ... but the week is less than half over. As debilitating as a 30% performance hit would be on tweaking a picture in Photoshop, I'm actually more concerned about this type of threat: https://www.wired.com/story/triton-malware-targets-industrial-safety-systems-in-the-middle-east/ . For those who don't know what a safety system is, it's an independent, isolated, and redundant control system that is put in place (at very great expense) to prevent a failure of the primary control system from leading to a catastrophic failure in an important system, like a power plant or refinery. In other words, the safety net that was put in place to prevent the worst-case scenarios that could occur in a plant from happening - was hacked to break the system it was supposed to be protecting. 

    The "bad actors" have already been working overtime for decades trying (and often succeeding) to exploit everything and anything that has any logic in it, from software, firmware, microcode, markup, macros, scripts, social media, humans, etc. Heck, there are professional-quality development toolkits freely available for anyone to download so you can discover your exploits in your spare time. Unannounced exploits are a worldwide unit of currency. Oh, and who is considered a "bad actor" is entirely relative and depends on who the actor is working for. Are the NSA, FBI, CIA, DOD, and the thousands of public and private companies working on behalf of government agencies, etc., "bad actors?" Depends on whose flag you fly, I guess.

    I don't want to sound like Chicken Little, but cybersecurity is a much greater threat than most lay people can comprehend or deal with at a personal level. It's an ongoing and existential threat that is the primary daily focus of hundreds of thousands of professionals just in the US, and there are easily as many unfilled jobs as ones that are currently filled. The good news is that the previous US administration truly understood the cybersecurity threat from day one and at least got the ball rolling on doing something about it in an apolitical and highly cooperative way between the public and private sectors. I hope the current administration's war on science doesn't lead to regression on this very serious concern. Dealing with the fallout from cybersecurity incidents is simply the new normal today, and it will stay that way at least until managing it gets woven into the fabric of everyday life - like destructive weather, tsunamis, and earthquakes so workarounds, mitigation, and compensation will be required, especially for legacy systems. Going forward everything that has logic in it must be designed with cybersecurity in mind and people must be aware and adapt as well.  
    chiabaconstangfastasleepmike54iqatedomontrosemacswatto_cobra
Sign In or Register to comment.