Intel Says New Software Updates Make Computers 'Immune' to Meltdown and Spectre Vulnerabilities

intelIntel today announced that the firmware updates and software patches that are being released for its CPUs render Intel-based computer systems "immune" to both the Spectre and Meltdown exploits that were widely publicized this week.

Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems -- including personal computers and servers -- that render those systems immune from both exploits (referred to as "Spectre" and "Meltdown") reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.

Intel says updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched.

For Mac users, Apple has already addressed some of the vulnerabilities in the macOS High Sierra 10.13.2 update, and further updates will come in macOS High Sierra 10.13.3. To make sure you're protected as a Mac user, install all of the latest operating system updates and firmware patches. As always, it's also worth avoiding suspicious programs, websites, and links.

Intel today also reiterated that the updates that are being released for Mac, PC, and Linux machines should not significantly impact day to day usage and should, for the most part, be unnoticeable. That seems to be true of the macOS High Sierra 10.13.2 update, as there have been no reports of slowdowns from Mac users.

Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.

While hints of an Intel CPU design flaw and security vulnerability surfaced on Tuesday, it wasn't until Wednesday that full details were shared on the Meltdown and Spectre exploits, which take advantage of the speculative execution mechanism of a CPU.

Meltdown impacts Intel CPUs, allowing a malicious program to access data from the memory of running apps, providing passwords, emails, documents, photos, and more. Meltdown can be exploited to read the entire physical memory of a target machine, and it can be done through something as simple as a website. The vulnerability is particularly problematic for cloud-based services.

Spectre, which breaks the isolation between different applications, is a wider hardware-based problem impacting all modern Intel, ARM, and AMD processors. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.

While patches are going out that appear to prevent the current known Meltdown and Spectre exploits, these speculative execution vulnerabilities will continue to be a problem for years to come, according to security researchers. Similar vulnerabilities will surface, and while performance impacts from software-based workarounds are minor, they're still present.

Paul Kocher, one of the security researchers who helped discover the flaws, told The New York Times that this will be a "festering problem over hardware life cycles." "It's not going to change tomorrow or the day after," he said. "It's going to take awhile."

Top Rated Comments

unashamedgeek Avatar
77 months ago
Getting blown into a much bigger deal than it is.
I think that is going to depend on your definition of a "big deal". I know this is going to be a big deal in my world of pen testing for some time to come as exploits get released. Being able to jump from ring 3 to ring 0 is the main goal once gaining a foothold on a system. Additionally, Mozilla has stated they have proven that a browser can be used to exploit these so if XSS can be used to pull memory contents, I'm going to have some fun engagements coming up.

EDIT: I forgot to even discuss the potential issues with host and guest systems. Popping a guest OS and being able to access memory on the host, now we're really talking full compromise.
Score: 11 Votes (Like | Disagree)
longofest Avatar
77 months ago
Intel today also reiterated that the updates that are being released for Mac, PC, and Linux machines should not significantly impact day to day usage and should, for the most part, be unnoticeable.
However, if you are running any kind of significant workload that access the kernel frequently, such as frequent I/O requests used in database applications, then the impact is actually quite severe. People have seen their cloud services go to crap as the providers apply the patches.

I get that most day to day users may not care about this on their desktops, but step back and think about this a minute. You have a potentially 20-30% CPU performance hit on the cloud. That means that in order to achieve the same performance this week as they did last week, cloud computing providers will have to bump their capacity by potentially 20-30%. Along with that comes more power demands which renewable sources may or may not be able to meet...

Some of you are saying "this is getting blown out of proportions." I say the impacts of this are just starting to be felt.
Score: 8 Votes (Like | Disagree)
jclo Avatar
77 months ago
I pretty sure that so far they have only worked to patch Meltdown. My system is up to date and the Spectre PoC released by Google still works on my MacBook Pro.
Another instance where I really wish Apple would provide us with some clarification and additional information.
Score: 5 Votes (Like | Disagree)
EdwardC Avatar
77 months ago
But then I would have to update to High Sierra..... What to do.......
https://support.apple.com/en-gb/HT208331

Possibly not.
Score: 4 Votes (Like | Disagree)
unashamedgeek Avatar
77 months ago
For Mac users, Apple has already addressed the vulnerabilities ('https://www.macrumors.com/2018/01/03/intel-design-flaw-fixed-macos-10-13-2/') in the macOS High Sierra 10.13.2 update, and further updates will come in macOS High Sierra 10.13.3.
I pretty sure that so far they have only worked to patch Meltdown. My system is up to date and the Spectre PoC released by Google still works on my MacBook Pro.
Score: 2 Votes (Like | Disagree)
coolfactor Avatar
77 months ago
But then I would have to update to High Sierra..... What to do.......
Is there something stopping you from updating to High Sierra? It works great.
[doublepost=1515110243][/doublepost]
Does this affect a Mac running Mavericks?
Yes.
[doublepost=1515110410][/doublepost]
I’m really curious to see some benchmarks of before and after. Gladly with this amount of people with too much free time on websites such as this I can be confident there will be plenty soon.
Benchmarks will be pretty non-informative, as benchmarking software tends to max out the CPU and therefore may over-exaggerate the effects that one would experience. It's been reported that the fixes are "barely noticeable" in day-to-day computing. Only very specific applications may run into a performance reduction, and likely not as noticeable as media wants us to believe.
[doublepost=1515110506][/doublepost]
What about people that don’t want to upgrade to 10.13? My 2013 MBP is still running El Cap. We’re these released in security updates??
Do yourself a favour. Update to 10.13 AND ensure you are using an SSL internally, and your four-year old computer will feel newer than new. Performance will be incredible.

Is there something keeping you on El Cap other than fear?
Score: 2 Votes (Like | Disagree)

Popular Stories

iOS 17

iOS 17.2 Will Add These 12 New Features to Your iPhone

Friday December 1, 2023 12:19 pm PST by
iOS 17.2 has been in beta testing for over a month, and it should be released to all users in a few more weeks. The software update includes many new features and changes for iPhones, including the dozen that we have highlighted below. iOS 17.2 is expected to be released to the public in mid-December. To learn about even more features coming in the update, check out our full list. Journal ...
iOS 17

28 New Things Your iPhone Can Do in December's iOS 17.2 Update

Friday December 1, 2023 2:57 am PST by
Apple made the first beta of iOS 17.2 available to developers in October. Since then we've seen three more betas, and with each iteration Apple continues to add more new features and changes, many of which users have been anticipating for quite a while. Below, we've listed 28 new things that are coming to your iPhone when the finalized version is publicly released this December. 1. Help...
anker new xmas 1

Anker's Cyber Week Sale Enters Final Days With Up to 60% Off Sitewide

Friday December 1, 2023 12:05 pm PST by
Anker's Black Friday/Cyber Week event is entering its final days this weekend, and it's still offering up to 60 percent off sitewide. There are also a few "mystery boxes" that can include hundreds of dollars in savings, if you're willing to risk not knowing what you're buying ahead of time. All of these sales will end on December 3. Note: MacRumors is an affiliate partner with Anker. When you...
iOS 17

Apple Releases iOS 17.1.2 With Security Fixes

Thursday November 30, 2023 10:12 am PST by
Apple today released iOS 17.1.2 and iPadOS 17.1.2, small updates to the iOS 17 and iPadOS 17 operating systems that Apple introduced in September. iOS 17.1.2 and iPadOS 17.1.2 come a few weeks after the release of iOS 17.1.1, another bug fix update. iOS 17.1.2 and iPadOS 17.1.2 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update....
iPhone 16 Mock Header Updated 1

iPhone 16 to Include Action Button Across Entire Lineup

Thursday November 30, 2023 4:08 pm PST by
The release of the iPhone 15 Pro and Pro Max saw the introduction of an entirely new user-configurable button known as the Action button, and now, MacRumors has seen extensive evidence confirming Apple is planning to include the Action button on the entire iPhone 16 range. Designs and plans for the Action button date back to at least 2021, as the button was intended for release alongside hapt...
General Apps Messages

Green Bubbles on iPhone to Gain These 7 New Features Next Year

Thursday November 30, 2023 9:00 am PST by
Earlier this month, Apple announced that it will finally support RCS in the Messages app on the iPhone starting later next year. This change will result in several improvements to the messaging experience between iPhones and Android devices. RCS will become the new default standard for messaging between iPhones and Android devices, but these conversations will still have green bubbles like...
top stories 2dec2023

Top Stories: iOS 17.1.2 Released, NameDrop Misinformation, and More

Saturday December 2, 2023 6:00 am PST by
Apple employees are back to work following a Thanksgiving break, and that means this week saw a number of new operating system updates for both public release and beta testing. This week also saw some misinformation about Apple's new NameDrop feature making the rounds, while Apple and Goldman Sachs appear to be on the verge of a break-up in their Apple Card and savings account partnership,...
paramount plus logo

Apple and Paramount Considering Discounted TV+ Streaming Bundle

Friday December 1, 2023 4:40 am PST by
Apple and Paramount have discussed bundling their TV streaming services at a discount, according to a new report by The Wall Street Journal. The companies have talked about offering a combination of Paramount+ and Apple TV+ that would cost less than subscribing to both services separately, according to people familiar with the discussions. The discussions are in their early stages, and it is ...