The exact nature of the vulnerability has not been made public, so very few people actually know what it is. The reason that the OS vendors are working to patch it is not because of any fault of their own. They are simply the only ones who can fix it on existing computers. They are basically just covering their asses by patching the vulnerability, but because the patch must limit the privilege escalation issue, which has been a very convenient way for some apps to get things done quickly, each app will be affected differently from 0% to perhaps 30% during certain tasks. It is not an across-the-board 30% on everything. Many apps are not affected at all because they don't rely on the privilege escalation functions, which was a bad idea from the start, but since the Intel x86 chips have this newly discovered memory leak, it allows bad actors to exploit the privilege escalation functions in an app to take control of the machine. It should be noted that there are perhaps hundreds of system apps in the OS itself that use the privilege escalation functions as well as third-party apps. Older Intel processors are much more susceptible to attack than newer ones.
AMD chips are not affected by the vulnerability; however, depending on how the OS vendors decide to apply the patch, AMD may be slowed down as well. The programmers could provide an exclusion for AMD in the code, but they may also take a scorched-earth approach to be on the safe side, affecting both AMD and Intel, which would be bad for AMD through no fault of their own.
If this bug does go back years, and none of you have noticed yet, what is the big deal? If you don’t want to sacrifice the performance, don’t apply the patch. Wait until you get a new Mac with a new chip to update. The sky hasn’t fallen in the years this flaw has existed. Probably will stay up there going forward.
I just bought a new MacBook Pro at the beginning of 2017, and every now and then I do use it for some serious scientific programming. For some things that take hours to run, a 30% hit is going to be painful. If the chip in that laptop is subject to this bug, then I'm sorry but your dismissive solution is not helpful. There will be numerous updates to the operating system prior to me being ready to purchase a brand new machine, and these OS updates will likely all contain the patch. So your solution would have me freeze my OS until such time as a new machine (without the bug) is available and I can afford to purchase it. That's not a good position to be in, IMO.
You are right that this bug could in theory be avoided in software, but most software is barely updated after install, so the bug stays; it also depends how much the OS actually depends on these functions. If it does, the fix may be long and painful and lead to vulnerabilities for a long time for even the best companies, let alone those that barely touch their servers. If you are running on cloud infrastructure, you likely won't be touched because they'll simply upgrade your stuff and keep your level of service up (though eventually prices should rise if it does impact the amount of servers they need to serve their clients).
I'd argue that right now, most infrastructures are riddled with exploits, and mitigation and ensuring not everything gets compromised at the same time (so you can actually monitor for intrusion and have proper fallback backups) is the best that can be done.
I’m not likely understanding some of this story. One key statement is there is no firmware fix. Looking on Intel’s site, they have a table listing each CPU, and the minimum ME firmware version that resolves the issue, or at least one of the issues.
Like one of the other commenters, I too, in December, purchased a new MBP but also a new iMac. The About My Mac doesn’t describe the CPU level of detail about its firmware versions to know whether my chips have the latest firmware versions. It’s going to be Apple’s responsibility to push out the firmware updates.
A second thing to note. Intel has downloadable software to analyze your system for these flaws, but the software only runs under Windows or Linux. Intel needs to push out a version for macOS.
I tested the tool on a Mid-2015 Retina MacBook Pro 15" under BootCamp. It outputs the following information:
Name: <your computer's name>
Manufacturer: Apple Inc.
Model: MacBookPro11,5
Processor Name: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz
OS Version: Microsoft Windows 8.1 Pro
Engine: Intel(R) Management Engine
Version: 9.1.20.1035
SVN: 1
Status: This system is not vulnerable.
Other Macs may be vulnerable or not. If any Mac is vulnerable of course Apple will issue a system update.
For the curious, here is Intel's official response. Tired of playing the voluntary reporter. Why don't you update your article, AI?
Should people that are still within their return period for an iMac or MacBook Pro return their computers and wait this out?
Why are you asking that in this forum? Ask that to Apple Support.
For an opinion, the question has to do directly with this Intel problem. If you just bought a new computer and are within your return period still, would you recommend returning it and waiting this Intel problem out? I'm having a hard time understanding why Apple is still selling and shipping out computers with a known defect in the computer chip they're using.
1) What else would you buy? A Dell with an Intel processor?
I wouldn't buy anything. The iMac I just purchased was $3000, but I can still return it and try to wait this out if possible. I guess I should wait and see what happens over the next week or so.
Because we were working on something else. See the link in my post above this one.
Thanks for the new article, but the title is misleading. This is not a KPTI flaw; if you need to name it, "Management Engine" is a better qualifier, as declared by Intel. KPTI is just an implementation under Linux; it may or may not relate to macOS.
I don't disagree. Thus, the quotes.
For better or worse, this is getting called KPTI on social media and the Internet as a whole.
The sky isn't falling. There are many potential attack vectors both cyber and physical.
This is one that has a fix albeit with a sometimes hefty performance penalty. It's safer to do it this way even if the kernel protections worked...it's just slower.
Not sure you know what Luddite means or you didn't read what was said. Nothing was said about the sky falling. This is a very serious flaw in the actual hardware chip. That is nothing like software exploits. Yes, it can be fixed with an external software bandaid, which itself will be vulnerable to exploit. That is what makes this so bad - the fix really isn't a fix. Thanks for trying to overstate what I didn't overstate.
This is why I keep multiple computers. Most notably I keep one in virtual lock-down status to use as a financial computer. It stores my financial records and only accesses a very few specific financial sites that I deal with. There is no web browsing on it and no email. Plus it's powered down unless I'm using it which is roughly about once a week.
That doesn't guarantee security of course, but it does improve the odds that my most valuable personal information will be safe from hackers.
You forgot to put it inside a Faraday cage, surrounded by a moat full of sharks, in an airgapped room.
You don’t know that the tasks you’re talking about are going to take a wholesale 30% hit either. So speculating on how bad the software fix is going to be at this point isn’t helpful either. Especially since it’s already been partially fixed and nobody noticed a massive slowdown in their genome sequencing or whatever it is you’re doing.
The issue is not those that fix it like Apple, which has not only quick fixes but quick deployments as a matter of fact, but because it's so wide, it will be in dozens of millions of devices that won't be fixed at all.
Where do you buy your tin foil hats?
Tin Foil Hat? LOL... No, I just don't like putting my personal financial info out there for people to steal... You apparently don't care about yours. That's fine.
Good thinking! I'll have to add that. But no snakes. I hate snakes! Actually, the computer cost me less than $150 a few years ago. I later wiped and recommissioned it as a financial-only machine. It's a ThinkPad T60P with a dual core processor. For my financial stuff it works great. So for little or no money (I would otherwise have just retired the machine), I got a nice insurance policy. No, not a guarantee -- but it does improve my odds.
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
2) No.