Intel Says New Software Updates Make Computers 'Immune' to Meltdown and Spectre Vulnerabilities

intelIntel today announced that the firmware updates and software patches that are being released for its CPUs render Intel-based computer systems "immune" to both the Spectre and Meltdown exploits that were widely publicized this week.

Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems -- including personal computers and servers -- that render those systems immune from both exploits (referred to as "Spectre" and "Meltdown") reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.

Intel says updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched.

For Mac users, Apple has already addressed some of the vulnerabilities in the macOS High Sierra 10.13.2 update, and further updates will come in macOS High Sierra 10.13.3. To make sure you're protected as a Mac user, install all of the latest operating system updates and firmware patches. As always, it's also worth avoiding suspicious programs, websites, and links.

Intel today also reiterated that the updates that are being released for Mac, PC, and Linux machines should not significantly impact day to day usage and should, for the most part, be unnoticeable. That seems to be true of the macOS High Sierra 10.13.2 update, as there have been no reports of slowdowns from Mac users.

Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.

While hints of an Intel CPU design flaw and security vulnerability surfaced on Tuesday, it wasn't until Wednesday that full details were shared on the Meltdown and Spectre exploits, which take advantage of the speculative execution mechanism of a CPU.

Meltdown impacts Intel CPUs, allowing a malicious program to access data from the memory of running apps, providing passwords, emails, documents, photos, and more. Meltdown can be exploited to read the entire physical memory of a target machine, and it can be done through something as simple as a website. The vulnerability is particularly problematic for cloud-based services.

Spectre, which breaks the isolation between different applications, is a wider hardware-based problem impacting all modern Intel, ARM, and AMD processors. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.

While patches are going out that appear to prevent the current known Meltdown and Spectre exploits, these speculative execution vulnerabilities will continue to be a problem for years to come, according to security researchers. Similar vulnerabilities will surface, and while performance impacts from software-based workarounds are minor, they're still present.

Paul Kocher, one of the security researchers who helped discover the flaws, told The New York Times that this will be a "festering problem over hardware life cycles." "It's not going to change tomorrow or the day after," he said. "It's going to take awhile."

Top Rated Comments

unashamedgeek Avatar
43 months ago
Getting blown into a much bigger deal than it is.
I think that is going to depend on your definition of a "big deal". I know this is going to be a big deal in my world of pen testing for some time to come as exploits get released. Being able to jump from ring 3 to ring 0 is the main goal once gaining a foothold on a system. Additionally, Mozilla has stated they have proven that a browser can be used to exploit these so if XSS can be used to pull memory contents, I'm going to have some fun engagements coming up.

EDIT: I forgot to even discuss the potential issues with host and guest systems. Popping a guest OS and being able to access memory on the host, now we're really talking full compromise.
Score: 11 Votes (Like | Disagree)
longofest Avatar
43 months ago
Intel today also reiterated that the updates that are being released for Mac, PC, and Linux machines should not significantly impact day to day usage and should, for the most part, be unnoticeable.
However, if you are running any kind of significant workload that access the kernel frequently, such as frequent I/O requests used in database applications, then the impact is actually quite severe. People have seen their cloud services go to crap as the providers apply the patches.

I get that most day to day users may not care about this on their desktops, but step back and think about this a minute. You have a potentially 20-30% CPU performance hit on the cloud. That means that in order to achieve the same performance this week as they did last week, cloud computing providers will have to bump their capacity by potentially 20-30%. Along with that comes more power demands which renewable sources may or may not be able to meet...

Some of you are saying "this is getting blown out of proportions." I say the impacts of this are just starting to be felt.
Score: 8 Votes (Like | Disagree)
jclo Avatar
43 months ago
I pretty sure that so far they have only worked to patch Meltdown. My system is up to date and the Spectre PoC released by Google still works on my MacBook Pro.
Another instance where I really wish Apple would provide us with some clarification and additional information.
Score: 5 Votes (Like | Disagree)
EdwardC Avatar
43 months ago
But then I would have to update to High Sierra..... What to do.......
https://support.apple.com/en-gb/HT208331

Possibly not.
Score: 4 Votes (Like | Disagree)
unashamedgeek Avatar
43 months ago
For Mac users, Apple has already addressed the vulnerabilities ('https://www.macrumors.com/2018/01/03/intel-design-flaw-fixed-macos-10-13-2/') in the macOS High Sierra 10.13.2 update, and further updates will come in macOS High Sierra 10.13.3.
I pretty sure that so far they have only worked to patch Meltdown. My system is up to date and the Spectre PoC released by Google still works on my MacBook Pro.
Score: 2 Votes (Like | Disagree)
coolfactor Avatar
43 months ago
But then I would have to update to High Sierra..... What to do.......
Is there something stopping you from updating to High Sierra? It works great.
[doublepost=1515110243][/doublepost]
Does this affect a Mac running Mavericks?
Yes.
[doublepost=1515110410][/doublepost]
I’m really curious to see some benchmarks of before and after. Gladly with this amount of people with too much free time on websites such as this I can be confident there will be plenty soon.
Benchmarks will be pretty non-informative, as benchmarking software tends to max out the CPU and therefore may over-exaggerate the effects that one would experience. It's been reported that the fixes are "barely noticeable" in day-to-day computing. Only very specific applications may run into a performance reduction, and likely not as noticeable as media wants us to believe.
[doublepost=1515110506][/doublepost]
What about people that don’t want to upgrade to 10.13? My 2013 MBP is still running El Cap. We’re these released in security updates??
Do yourself a favour. Update to 10.13 AND ensure you are using an SSL internally, and your four-year old computer will feel newer than new. Performance will be incredible.

Is there something keeping you on El Cap other than fear?
Score: 2 Votes (Like | Disagree)

Top Stories

siir apple event april 20

Siri Reveals Apple Event Planned for Tuesday, April 20

Tuesday April 13, 2021 12:04 am PDT by
Siri has apparently prematurely revealed that Apple plans to hold an event on Tuesday, April 20, where the company is expected to reveal brand new iPad Pro models and possibly its long-awaited AirTags trackers. Subscribe to the MacRumors YouTube channel for more videos. Upon being asked "When is the next Apple Event," Siri is currently responding with, "The special event is on Tuesday, April...
apple event spring loaded

Apple's 'Spring Loaded' Event Officially Announced for Tuesday, April 20

Tuesday April 13, 2021 9:04 am PDT by
Following an overnight leak by Siri, Apple today officially announced that it will be holding a special "Spring Loaded" event on Tuesday, April 20 at 10:00 a.m. Pacific Time at the Steve Jobs Theater on the Apple Park campus in Cupertino, California. As with all of Apple's 2020 events, the April 2021 event will be a digital-only gathering with no members of the media invited to attend in...
apple event hashflag

Twitter Hashflag for April 20 Apple Event Goes Live

Tuesday April 13, 2021 2:21 pm PDT by
Following the overnight Siri leak and subsequent announcement that Apple will hold a media event on Tuesday, April 20, a new Twitter hashflag has appeared to help provide visibility for the event on the platform. For the last several recent events, Apple has utilized hashflags, which are little icons next to hashtags on Twitter, as a way to market its events. The company first started the...
iphone12cameras

Kuo: 2022 iPhones to Feature 48-Megapixel Camera, 8K Video, and 6.1 and 6.7" Sizes With No 5.4" Mini Option

Tuesday April 13, 2021 10:45 pm PDT by
The upcoming 2022 iPhone lineup will feature two 6.1-inch devices and two 6.7-inch devices, with no mini-sized 5.4-inch iPhone, well-respected Apple analyst Ming-Chi Kuo said in a note to investors that was seen by MacRumors. Two of the iPhones will be high-end models and two of the iPhones will be lower-end models, similar to the current iPhone 12 lineup. Apple introduced the 5.4-inch...
macos catalina serial number

Apple Preparing Rollout of New Randomized Product Serial Numbers Ahead of 'Spring Loaded' Event

Wednesday April 14, 2021 2:08 am PDT by
Apple is advising its authorized premium resellers and dealers to prepare for new products with 10 and 12 digital serial numbers, days ahead of when it's expected to reveal a slew of new products. MacRumors previously reported that Apple plans to switch to randomized serial numbers for future products starting in early 2021. The company now seems to be preparing for that roll-out, telling...
duanrui iphone13 notch samples

More Leaked iPhone 13 Samples Show Smaller Notch, Repositioned Earpiece and Front Camera

Wednesday April 14, 2021 1:06 am PDT by
Leaker known as "DuanRui" has today shared an image of two iPhone 13 "film samples," which show the same rumored smaller notch design coming to the iPhone 13 series that we've seen from other sources. In past tweets, DuanRui has accurately leaked the correct names of the iPhone 12 models and an iPad Air 4 manual revealing its new design, so there's good reason to think this leak is credible, ...
Google maps feaure green

Google Maps App for iOS Finally Updated After Four Months

Monday April 12, 2021 10:03 am PDT by
Following the completed rollout of App Privacy labels for its App Store apps, Google today updated the Google Maps app for the first time in four months. Apple in December began requiring all new app submissions and app updates to include App Privacy labels, detailing the data that is collected by the app so consumers know what they're sharing. Google didn't begin implementing App Privacy ...
iPad Pro Mini LED

Mini-LED iPad Pro Expected at Apple Event on April 20 as Production Ramps Up

Tuesday April 13, 2021 9:53 am PDT by
Apple today announced that it will be hosting a virtual event on Tuesday, April 20 at 10 a.m. Pacific Time, and one of the new products expected to be unveiled at the event is a new iPad Pro with a Mini-LED display. In a brief snippet shared with paid subscribers, Taiwanese supply chain news website DigiTimes today reported that Apple supplier Ennostar has substantially improved its yield...
apple event particularly innovative article

Gurman: Apple's 'Spring Loaded' Event Won't Feature Anything 'Particularly Innovative'

Thursday April 15, 2021 1:30 am PDT by
Bloomberg's highly-respected Mark Gurman says that he expects nothing "particularly innovative" or "extraordinary" to launch at Apple's "Spring Loaded" event next week, Tuesday, April 20. Gurman made the remarks during an interview for Bloomberg Technology, in which he reaffirmed that Apple will launch a new 11-inch and 12.9-inch iPad Pro, with the higher-end model featuring a brand new...
spotify car thing 1

Spotify Announces the 'Car Thing' as its First Hardware Device

Tuesday April 13, 2021 7:03 am PDT by
Spotify has today announced its first hardware device, the "Car Thing," which is an in-car dash-mounted music and podcast player (via TechCrunch). Spotify is looking to provide a product for customers who want a "more seamless" and personalized in-car listening experience, especially in the large number of cars that do not support modern in-car infotainment systems. The Car Thing is aimed ...