Intel Memory Access Design Flaw Already Addressed by Apple in macOS 10.13.2

A serious design flaw and security vulnerability discovered in Intel CPUs has reportedly already been partially addressed by Apple in the recent macOS 10.13.2 update, which was released to the public on December 6.

According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability.

Publicized yesterday, the design flaw in Intel chips allows normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more.

Full details on the vulnerability continue to be unavailable and under embargo, so it's not yet clear just how serious it is, but fixing it involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level. Implementing Kernel Page Table Isolation could cause a performance hit on some machines.

According to The Register, which first shared details on the vulnerability, Windows and Linux machines will see a 5 to 30 percent slowdown once a fix is in place. It appears Macs may not be hit as heavily, as no noticeable performance slowdowns have been reported since the launch of macOS 10.13.2.

Ionescu also says that performance drop on a system with PCID (Process-Context Identifiers), available on most modern Macs, is "minimal," so most users may not see an impact on day-to-day Mac usage.

Top Rated Comments

(View all)

27 months ago
What about El Capitan and Sierra?
Rating: 35 Votes
27 months ago
I'd still replace my battery just to be sure ;)
Rating: 27 Votes
27 months ago, 10.13.2 has been out for quite a bit, almost a month ago.

Might have even been in earlier beta's as well.

So quick that it happened in the past! I like this new time-bending Apple.
Rating: 13 Votes
27 months ago
Anyone know if this applies to security-patches for Sierra / El Capitan?
Rating: 10 Votes
27 months ago
For anyone interested, using the Potts-Kant benchmarks on the latest releases of both concurrent versions of Mac OS -

We're running benchmark processes concurrently with PCID disabled, employing supplementary reservoir matching sequences throughout our lab here at Duke.

The testing has just begun - so I'll be posting the results here in about an hour, for anyone interested in how their machines might be affected.

Students have been instructed to take the machines through a variety of real world tests -

So we'll be posting that, as well as the conclusive results provided by our benchmark studies - to hopefully help clear the air and provide a more balanced issuance of the possible affections of data-protected kernel-modeling architecture implications.
Rating: 9 Votes
27 months ago

What do we make of this really? I think someone should do a comparative test on handbrake or anything that solely uses CPU and only then we can tell the difference between 10.13.2 and any previous versions of macOS

This has nothing to do with CPU utilization. Rather, you will see a performance penalty when an applications makes system calls, such as to files or network access. Essentially it occurs when ring 3 needs to access something at the more privileged ring 0.
Rating: 8 Votes
27 months ago
Didn't see any performance drop on my Macs.
Rating: 8 Votes
27 months ago
It will be interesting to see the benchmarks from 10.13.1 and 10.13.2/10.13.3 to see the real impact on performance
Rating: 7 Votes
27 months ago

So, what does the ‘double map’ do anyway?

Essentially, the vulnerability resides in Intel Processors ability to 'speculate' as to what code needs to be executed next, and execute it in advance so that it is cached and ready for the real execution. The vulnerability allows for the security context of that code execution to escalate from user land (referred to as ring 3) to kernel land (referred to as ring 0). The significance is that the Kernel memory houses sensitive information on the system that, once read, can be leveraged to escalate privileges. Double mapping adds an additional buffer between the kernel and user, which mitigates but doesn't completely solve the vulnerability. That is why additional 'tweaks' are necessary in 10.13.3.
Rating: 5 Votes
27 months ago

Yes, it was fixed (at least partially, read the full document to have more infos)
on Dec 6th as you can read here

P.s. Sorry it was already posted , I saw it just now
Better two than none:rolleyes:..... I don't know how to delete it this post

There’s no evidence that says 10.11 & 10.12 have been patches. The CVE’s/descriptions in Apple’s patch notes don’t align with the CVE’s/descriptions in Google’s post. Every page I’ve investigated that claims it’s been patched has either pointed to the aforementioned patch notes, or literally say ‘an anonymous source said’...

Furthering my skepticism, back when it occurred, Apple directly stated that they’d addressed the major security flaw known as ‘Shellshock’, so there’s precedent of Apple directly saying ‘this issue’s fixed’.

Granted, Apple may come out and say that patch in question DID mitigate (most of) the Meltdown risk, but I’d be wary of counting your systems as patched until we get a definitive answer.
Rating: 4 Votes

[ Read All Comments ]