All Mac & iOS CPUs affected by 'Meltdown' and 'Spectre' chip flaws, some fixes already in ...

Posted in General Discussion, edited January 2018
Following the news that both Intel- and ARM-based processors can be susceptible to various hacks, Apple issued a statement on Thursday announcing that it has already implemented some fixes in the latest iOS and macOS releases, with more still to come. However, there are not currently any known exploits taking advantage of "Meltdown" and "Spectre."




"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," Apple said in a statement. "Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.

"Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS."

Some reports have alleged that fixes for the chip kernel flaws could affect system performance and potentially slow down systems. However, Apple's own tests have shown that fixes for "Meltdown" and "Spectre" have minimal, if any, effect on system speed.

Apple explained that the security exploits take advantage of a modern CPU feature called "speculative execution." This improves speed by operating on multiple instructions at the same time, and sometimes in a different order from the one in which they entered the CPU.

"To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed," the company wrote. "If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software."




"Meltdown" and "Spectre" take advantage of this functionality to access what is known as "privileged memory," which can include memory belonging to the kernel.

AppleInsider confirmed earlier this week that Apple has already partially implemented a fix in macOS through the 10.13.2 software update. Apple's own statement on Thursday adds that iOS 11.2, as well as tvOS 11.2, have addressed such problems on other platforms.

First exposed as an Intel-specific problem, it was later revealed that all modern CPUs are affected by the wide-reaching kernel memory security issue. The bug goes well beyond Intel's X86 architecture, and also affects processors based on ARM, which are used as reference designs for Apple's iPhone, iPad and Apple TV lineup.

"Meltdown" and "Spectre" can be executed on nearly every X86 device produced since 1997. Researchers believe that hackers could develop exploits to steal virtually any data on a system that remains unpatched.

The company's full statement on "Meltdown" and "Spectre" is included below:

About speculative execution vulnerabilities in ARM-based and Intel CPUs



Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.

Background



The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once-- possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.

The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory-- including that of the kernel-- from a less-privileged user process such as a malicious app running on a device.

Meltdown



Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or "rogue data cache load." The Meltdown technique can enable a user process to read kernel memory. Our analysis suggests that it has the most potential to be exploited. Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation. Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.

Spectre



Spectre is a name covering two different exploitation techniques known as CVE-2017-5753 or "bounds check bypass," and CVE-2017-5715 or "branch target injection." These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.
Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.
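
As an added illustration of the "bounds check bypass" case named above (this is not code from Apple's statement or from the article, and it goes beyond the statement by showing one common software mitigation pattern, branchless index masking), the C sketch below puts a conventional bounds-checked lookup beside a hardened one. The names `index_mask`, `lookup_checked` and `lookup_masked` are hypothetical, and the mask assumes a non-empty array no larger than `SIZE_MAX / 2`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: all-ones when idx < size, zero otherwise.
 * Computed with arithmetic only, so the result does not depend on a
 * branch the CPU could mispredict. Assumes size <= SIZE_MAX / 2. */
static size_t index_mask(size_t idx, size_t size)
{
    const unsigned top = sizeof(size_t) * CHAR_BIT - 1;
    /* The top bit is set if idx is huge or if (size - 1 - idx) wrapped,
     * which together cover exactly the case idx >= size. */
    size_t out_of_range = (idx | (size - 1 - idx)) >> top;
    return (size_t)0 - (out_of_range ^ 1);
}

/* Before: architecturally correct, but the load is guarded only by a
 * predicted branch, the pattern "bounds check bypass" is named after. */
uint8_t lookup_checked(const uint8_t *table, size_t size, size_t idx)
{
    if (idx < size)
        return table[idx];
    return 0;
}

/* After: the index is also clamped by data flow. If the branch is
 * mispredicted for an out-of-range idx, the mask is 0 and the
 * speculative load reads table[0] instead of memory past the array. */
uint8_t lookup_masked(const uint8_t *table, size_t size, size_t idx)
{
    if (idx < size) {
        idx &= index_mask(idx, size);
        return table[idx];
    }
    return 0;
}

int main(void)
{
    static const uint8_t table[4] = {10, 20, 30, 40}; /* constructed sample */
    printf("in range : %d\n", lookup_masked(table, 4, 2));
    printf("past end : %d\n", lookup_masked(table, 4, 4));
    printf("mask(3,4)=%zx mask(4,4)=%zx\n", index_mask(3, 4), index_mask(4, 4));
    return 0;
}
```

An optimizing compiler is free to fold the mask back into the comparison, which is why production implementations such as the Linux kernel's `array_index_nospec()` hide the value from the optimizer or use architecture-specific instructions.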

Comments

  • Reply 1 of 56
    netrox Posts: 718 member
    So Intel was telling the truth that it wasn't just Intel but also several non-Intel CPU's being affected.
  • Reply 2 of 56
    So far it looks like AMD has escaped this problem. I am surprised there has not been more talk about that.
  • Reply 3 of 56
    VRing Posts: 108 member
    Definitely a shame, but at least the industry is now moving quickly on this. When all is said and done, I'm curious to see what the final performance impacts will be on various devices and systems.
  • Reply 4 of 56
    foggyhill Posts: 4,767 member
    netrox said:
    So Intel was telling the truth that it wasn't just Intel but also several non-Intel CPU's being affected.
    They were telling half a truth, they're affected by the worst variant and they are affected in a worse way. So, more like bullshit deflection than truth.
  • Reply 5 of 56
    foggyhill Posts: 4,767 member
    MisterKit said:
    So far it looks like AMD has escaped this problem. I am surprised there has not been more talk about that.
    Seems they are affected by meltdown at least, not sure for anything else.
  • Reply 6 of 56
    pslice Posts: 70 member
    I’m so tired of crooks trying to make off with my personal information. If we could see the death penalty for a hacker maybe some of this crap would stop.
  • Reply 7 of 56
    pslice said:
    I’m so tired of crooks trying to make off with my personal information. If we could see the death penalty for a hacker maybe some of this crap would stop.

    Well it appears you might have missed the phrasing "...there are not currently any known exploits taking advantage of...".  So really, no crooks are trying in this instance.  It's true that someone left the jewelry store unlocked, but so far nobody is sneaking in after hours to steal the goodies.  Rather than getting angry and establishing a death penalty, you could take heart and celebrate that for all these past twenty years, nobody has done evil with this.  :)
    edited January 2018
  • Reply 8 of 56
    macplusplus Posts: 1,606 member
    MisterKit said:
    So far it looks like AMD has escaped this problem. I am surprised there has not been more talk about that.
    There has not been more talk because AMD is susceptible as everyone. It may evade Meltdown but it is caught by Spectre.
  • Reply 9 of 56
    foggyhill Posts: 4,767 member
    MisterKit said:
    So far it looks like AMD has escaped this problem. I am surprised there has not been more talk about that.
    There has not been more talk because AMD is susceptible as everyone. It may evade Meltdown but it is caught by Spectre.

    Except they're not all equivalent, so that's a false equivalence anyway. Intel knows their problem is deeper and harder to solve.
  • Reply 10 of 56
    nouser Posts: 65 member
    This flaw has been in the chips since the mid 90's.  These recent Apple patches are only applicable to fairly recent devices.  What about those of us who still have lots of older hardware in daily use?  I have a lot of very usable hardware that is unable to run the latest Mac OS / IOS.  I'm confident I'm not the only one.  Not pleased with this solution since I cannot use it on all my hardware. 
  • Reply 11 of 56
    daven Posts: 506 member
    I think the good news is that Apple reports that their Meltdown fix does not require a performance hit and the Spectre fix is only a 2.5% hit.
  • Reply 12 of 56
    asdasd Posts: 5,267 member
    pslice said:
    I’m so tired of crooks trying to make off with my personal information. If we could see the death penalty for a hacker maybe some of this crap would stop.
    Well they don’t need a kernel hack to get at your info. On the Mac any non sandboxed app can access the user level file system.
  • Reply 13 of 56
    entropys Posts: 1,627 member
    nouser said:
    This flaw has been in the chips since the mid 90's.  These recent Apple patches are only applicable to fairly recent devices.  What about those of us who still have lots of older hardware in daily use?  I have a lot of very usable hardware that is unable to run the latest Mac OS / IOS.  I'm confident I'm not the only one.  Not pleased with this solution since I cannot use it on all my hardware. 
    I highly doubt it would be worth anyone’s while to invest resources to attack such devices. There would not be enough of them.
  • Reply 14 of 56
    jas99 Posts: 25 member
    Who handles communication at Apple? The first sentence of the public statement should have been something like, “Apple has already issued software updates to address yada yada yada… While the Intel chip flaw exists in Macs, Apple has already addressed the issue.”

    But no. The first thing Apple says is, “Everything Apple makes is affected.”

    And that’s the headline.

    Idiots.

    I think Apple makes fantastic products and services but can Apple PLEASE take reasonable steps to combat the irrational haters of the world?
  • Reply 15 of 56
    r2d2 Posts: 95 member
    foggyhill said:
    netrox said:
    So Intel was telling the truth that it wasn't just Intel but also several non-Intel CPU's being affected.
    They were telling half a truth, they're affected by the worst variant and they are affected in a worse way. So, more like bullshit deflection than truth.
    The funny thing is that all of the tech articles that I'm reading state just the opposite of what you said.

    Meltdown, which affects all Intel chips, has already been patched. While being the most exploitable bug, it seems it was the easiest to handle. Updates are going out already. 

    Spectre, by all accounts, will be the most difficult to deal with. It will require a fundamental redesign of processors. A fix for Spectre may not be available until a new generation of chips are on the market. It's not going away tomorrow or the next day, or next year. This can take many years because it's hardware. I would say that this is being "affected in the worse way."

    Intel was being truthful.
    edited January 2018
  • Reply 16 of 56
    StrangeDays Posts: 7,125 member
    pslice said:
    I’m so tired of crooks trying to make off with my personal information. If we could see the death penalty for a hacker maybe some of this crap would stop.
    Funny, that hasn’t put an end to murder in US states with capital punishment. Guess people don’t work that way.
  • Reply 17 of 56
    StrangeDays Posts: 7,125 member

    nouser said:
    This flaw has been in the chips since the mid 90's.  These recent Apple patches are only applicable to fairly recent devices.  What about those of us who still have lots of older hardware in daily use?  I have a lot of very usable hardware that is unable to run the latest Mac OS / IOS.  I'm confident I'm not the only one.  Not pleased with this solution since I cannot use it on all my hardware. 
    Have your old devices been exploited since the mid 90’s?
  • Reply 18 of 56
    Rayz2016 Posts: 4,556 member
    jas99 said:
    Who handles communication at Apple? The first sentence of the public statement should have been something like, “Apple has already issued software updates to address yada yada yada… While the Intel chip flaw exists in Macs, Apple has already addressed the issue.”

    But no. The first thing Apple says is, “Everything Apple makes is affected.”

    And that’s the headline.

    Idiots.

    I think Apple makes fantastic products and services but can Apple PLEASE take reasonable steps to combat the irrational haters of the world?
    Could be that Apple doesn’t care about irrational haters, but does care about its customers. 
  • Reply 19 of 56
    dewme Posts: 1,997 member
    nouser said:
    This flaw has been in the chips since the mid 90's.  These recent Apple patches are only applicable to fairly recent devices.  What about those of us who still have lots of older hardware in daily use?  I have a lot of very usable hardware that is unable to run the latest Mac OS / IOS.  I'm confident I'm not the only one.  Not pleased with this solution since I cannot use it on all my hardware. 
    These flaws are only one small piece of a much larger puzzle that needs to be constructed and orchestrated by an attacker to gain access to data that is being managed by an operating system kernel. The primary job of the operating system kernel is to time-share the computer's hardware resources between all of the apps that are executing at the same time on the computer in a way that makes each app think it has its own dedicated set of hardware resources when in-fact all apps are sharing the same set of hardware resources. The kernel is not the security gatekeeper for secrets, but it does need to keep some secrets around to gain access to certain resources on behalf of an app+user. To take advantage of these two vulnerabilities the attacker would have to 1) get executable code on to your device, 2) orchestrate the non-trivial steps needed to suck kernel data through a tiny window that is not always open, 3) collect the data, 4) optionally filter the data for secrets that just happened to be in the captured kernel memory pages, and 5) transport the data of interest off your device to an offsite location where it can be 6) deciphered and used to some advantage by the attacker. This is a non-trivial, low signal to noise ratio fishing expedition with uncertain value. After all, most of what the kernel is doing has nothing to do with secrets, it's just handling state information needed to keep the massive house of cards it's managing from collapsing. If an attacker just wants to mess with you and not leave a trace behind there are much easier cybersecurity exploits already available, with human engineering being a prime candidate.
  • Reply 20 of 56
    sflocal Posts: 4,501 member
    nouser said:
    This flaw has been in the chips since the mid 90's.  These recent Apple patches are only applicable to fairly recent devices.  What about those of us who still have lots of older hardware in daily use?  I have a lot of very usable hardware that is unable to run the latest Mac OS / IOS.  I'm confident I'm not the only one.  Not pleased with this solution since I cannot use it on all my hardware. 
    Is your machine suddenly unusable because of this flaw?  Why do you expect Apple to provide support for machines it no longer supports?  Do you expect Microsoft to release a patch for users out there still running Windows XP or Windows 98?