"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
Intel Memory Access Design Flaw Already Addressed by Apple in macOS 10.13.2
A serious design flaw and security vulnerability discovered in Intel CPUs has reportedly already been partially addressed by Apple in the recent macOS 10.13.2 update, which was released to the public on December 6.
According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability.
Full details on the vulnerability continue to be unavailable and under embargo, so it's not yet clear just how serious it is, but fixing it involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level. Implementing Kernel Page Table Isolation could cause a performance hit on some machines.
According to The Register, which first shared details on the vulnerability, Windows and Linux machines will see a 5 to 30 percent slowdown once a fix is in place. It appears Macs may not be hit as heavily, as no noticeable performance slowdowns have been reported since the launch of macOS 10.13.2.
Ionescu also says that performance drop on a system with PCID (Process-Context Identifiers), available on most modern Macs, is "minimal," so most users may not see an impact on day-to-day Mac usage.
According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability.
The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 -- and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you). cc @i0n1c @s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63
— Alex Ionescu (@aionescu) January 3, 2018
Full details on the vulnerability continue to be unavailable and under embargo, so it's not yet clear just how serious it is, but fixing it involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level. Implementing Kernel Page Table Isolation could cause a performance hit on some machines.
According to The Register, which first shared details on the vulnerability, Windows and Linux machines will see a 5 to 30 percent slowdown once a fix is in place. It appears Macs may not be hit as heavily, as no noticeable performance slowdowns have been reported since the launch of macOS 10.13.2.
Ionescu also says that performance drop on a system with PCID (Process-Context Identifiers), available on most modern Macs, is "minimal," so most users may not see an impact on day-to-day Mac usage.
Tags: Intel, Meltdown-Spectre
[ 143 comments ]
Top Rated Comments
(View all)
14 months ago
Erm...no, 10.13.2 has been out for quite a bit, almost a month ago.
Might have even been in earlier beta's as well.
So quick that it happened in the past! I like this new time-bending Apple.
14 months ago
Anyone know if this applies to security-patches for Sierra / El Capitan?
14 months ago
For anyone interested, using the Potts-Kant benchmarks on the latest releases of both concurrent versions of Mac OS -
We're running benchmark processes concurrently with PCID disabled, employing supplementary reservoir matching sequences throughout our lab here at Duke.
The testing has just begun - so I'll be posting the results here in about an hour, for anyone interested in how their machines might be affected.
Students have been instructed to take the machines through a variety of real world tests -
So we'll be posting that, as well as the conclusive results provided by our benchmark studies - to hopefully help clear the air and provide a more balanced issuance of the possible affections of data-protected kernel-modeling architecture implications.
We're running benchmark processes concurrently with PCID disabled, employing supplementary reservoir matching sequences throughout our lab here at Duke.
The testing has just begun - so I'll be posting the results here in about an hour, for anyone interested in how their machines might be affected.
Students have been instructed to take the machines through a variety of real world tests -
So we'll be posting that, as well as the conclusive results provided by our benchmark studies - to hopefully help clear the air and provide a more balanced issuance of the possible affections of data-protected kernel-modeling architecture implications.
14 months ago
What do we make of this really? I think someone should do a comparative test on handbrake or anything that solely uses CPU and only then we can tell the difference between 10.13.2 and any previous versions of macOS
This has nothing to do with CPU utilization. Rather, you will see a performance penalty when an applications makes system calls, such as to files or network access. Essentially it occurs when ring 3 needs to access something at the more privileged ring 0.
14 months ago
It will be interesting to see the benchmarks from 10.13.1 and 10.13.2/10.13.3 to see the real impact on performance
14 months ago
So, what does the ‘double map’ do anyway?
Essentially, the vulnerability resides in Intel Processors ability to 'speculate' as to what code needs to be executed next, and execute it in advance so that it is cached and ready for the real execution. The vulnerability allows for the security context of that code execution to escalate from user land (referred to as ring 3) to kernel land (referred to as ring 0). The significance is that the Kernel memory houses sensitive information on the system that, once read, can be leveraged to escalate privileges. Double mapping adds an additional buffer between the kernel and user, which mitigates but doesn't completely solve the vulnerability. That is why additional 'tweaks' are necessary in 10.13.3.
14 months ago
Yes, it was fixed (at least partially, read the full document to have more infos)
on Dec 6th as you can read here
https://support.apple.com/en-us/HT208331
P.s. Sorry it was already posted , I saw it just now
Better two than none:rolleyes:..... I don't know how to delete it this post
There’s no evidence that says 10.11 & 10.12 have been patches. The CVE’s/descriptions in Apple’s patch notes don’t align with the CVE’s/descriptions in Google’s post. Every page I’ve investigated that claims it’s been patched has either pointed to the aforementioned patch notes, or literally say ‘an anonymous source said’...
Furthering my skepticism, back when it occurred, Apple directly stated that they’d addressed the major security flaw known as ‘Shellshock’, so there’s precedent of Apple directly saying ‘this issue’s fixed’.
Granted, Apple may come out and say that patch in question DID mitigate (most of) the Meltdown risk, but I’d be wary of counting your systems as patched until we get a definitive answer.
[ Read All Comments ]
For those of you who like to rearrange the Home screen on your iPhone and iPad to organize your apps, you might be interested to know that there's a handy little hidden feature for moving...
Commonwealth Bank (CBA) today implemented support for Apple Pay, making it the second of Australia's "Big Four" banks to offer the payments service. CBA is the biggest retail bank in...
Netflix today launched a new Instagram integration that's designed to allow Instagram users to share their favorite movies and TV shows in Stories, reports Variety.
The feature can be used...
Twitter today announced that it has started rolling out a new, simplified interface on the web, which is available to some users starting today.
The updated interface features a two-column...
Alongside the release of iOS 12.1.3, the latest update to the iOS 12 operating system, Apple has released new 12.1.13 software that's designed for the HomePod.
The new HomePod software will...
Apple today released watchOS 5.1.3, the fourth update to the watchOS 5 operating system that runs on modern Apple Watch models. watchOS 5.1.3 comes more than a month after the release of watchOS...
Apple today released macOS Mojave 10.14.3, the third update to the macOS Mojave operating system that first launched in September. macOS 10.14.3 comes six weeks after the launch of macOS Mojave...
Apple today released tvOS 12.1.2, the fourth update to the tvOS 12 operating system designed for the fourth and fifth-generation Apple TV models. tvOS 12.1.2 comes more than a month after the launch...
