Intel Memory Access Design Flaw Already Addressed by Apple in macOS 10.13.2

Wednesday January 3, 2018 11:16 am PST by Juli Clover

A serious design flaw and security vulnerability discovered in Intel CPUs has reportedly already been partially addressed by Apple in the recent macOS 10.13.2 update, which was released to the public on December 6.

12 inch macbook macbook pro duo
According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability.

The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 -- and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you). cc @i0n1c @s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63 — Alex Ionescu (@aionescu) January 3, 2018

Publicized yesterday, the design flaw in Intel chips allows normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more.

Full details on the vulnerability continue to be unavailable and under embargo, so it's not yet clear just how serious it is, but fixing it involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level. Implementing Kernel Page Table Isolation could cause a performance hit on some machines.

According to The Register, which first shared details on the vulnerability, Windows and Linux machines will see a 5 to 30 percent slowdown once a fix is in place. It appears Macs may not be hit as heavily, as no noticeable performance slowdowns have been reported since the launch of macOS 10.13.2.

Ionescu also says that performance drop on a system with PCID (Process-Context Identifiers), available on most modern Macs, is "minimal," so most users may not see an impact on day-to-day Mac usage.

Tags: Intel, Meltdown-Spectre

Upcoming

WWDC

June 5–9

Apple's new AR/VR headset is expected to be unveiled, along with iOS 17, macOS 14, and more.

Mac Pro

2023

Apple's most powerful Mac will finally shift to Apple silicon.

Apple Headset

June 2023?

Apple's AR/VR headset is coming soon with eye- and gesture-tracking, dual 4K displays, M-series chips, and more. Here's what we know so far.

iOS 17

June 2023

Next-generation version of iOS, set to be previewed at WWDC 2023 in June with a public release in September.

• iMac

• iPhone 15

• iPhone 15 Pro

See full product calendar

Top Rated Comments

pier

71 months ago

What about El Capitan and Sierra?

Score: 35 Votes (Like | Disagree)

alex00100

I'd still replace my battery just to be sure ;)

Score: 27 Votes (Like | Disagree)

RoobyRoobyRoo

Erm...no, 10.13.2 has been out for quite a bit, almost a month ago.

Might have even been in earlier beta's as well.

So quick that it happened in the past! I like this new time-bending Apple.

Score: 13 Votes (Like | Disagree)

SecuritySteve

Anyone know if this applies to security-patches for Sierra / El Capitan?

Score: 10 Votes (Like | Disagree)

CrashX

For anyone interested, using the Potts-Kant benchmarks on the latest releases of both concurrent versions of Mac OS -

We're running benchmark processes concurrently with PCID disabled, employing supplementary reservoir matching sequences throughout our lab here at Duke.

The testing has just begun - so I'll be posting the results here in about an hour, for anyone interested in how their machines might be affected.

Students have been instructed to take the machines through a variety of real world tests -

So we'll be posting that, as well as the conclusive results provided by our benchmark studies - to hopefully help clear the air and provide a more balanced issuance of the possible affections of data-protected kernel-modeling architecture implications.

Score: 9 Votes (Like | Disagree)

belvdr

What do we make of this really? I think someone should do a comparative test on handbrake or anything that solely uses CPU and only then we can tell the difference between 10.13.2 and any previous versions of macOS

This has nothing to do with CPU utilization. Rather, you will see a performance penalty when an applications makes system calls, such as to files or network access. Essentially it occurs when ring 3 needs to access something at the more privileged ring 0.

Score: 8 Votes (Like | Disagree)

Read All Comments

Intel Memory Access Design Flaw Already Addressed by Apple in macOS 10.13.2

Top Rated Comments

Popular Stories

Google to Roll Out New 'Drive for Desktop' App in the Coming Weeks, Replacing Backup & Sync and Drive File Stream Clients

Next Article

Guides

Upcoming

Other Stories