Fix the Intel CPU Flaw will Weaken Mac Performance
Recently, Intel CPU has been exposed to a major security vulnerabilities, this vulnerability can lead to hackers’ access to the PC kernel memory data, including user account and password, application files, file caching and so on. This chip flaw is not easy to solve and must be repaired on the operating system, but even after it has been repaired, it will have a performance hit on the world’s computers.
Currently, Intel CPU vulnerability information is not yet publicly available on the web, but it is known as “the lowest-level design flaw in Intel processors in the past decade.” Not only can a hacker exploit this vulnerability to gain access to a user’s protected content, they can even abuse that content through unlawful processes.
Companies including Intel, Microsoft and Apple are said to be working overtime to research the solution. The flaw, as the matter of fact, could be fixed, but biggest problem is, the fixed patch may lead to PC and Mac performance decline, which between 5% and 30%, it is not yet clear what decline is right now. Patching this vulnerability will affect the underlying functionality of the system call, so it will affect software compilation, virtual machine running, etc.
According to developer Alex Ionescu, macOS 10.13.2, originally released on December 6th, includes a fix for the kernel security bug. Furthermore, additional fixes are purportedly included in macOS 10.13.3, which is still in beta testing.
AppleInsider also says that “multiple sources within Apple” have said macOS 10.13.2 fixed “most” of the security holes. Meanwhile, Linux and Microsoft developers are still in the process of deploying their respective fixes.
The Register expects Microsoft to release the patch to public on next Tuesday (January 9, 2018). These changes will appear in the upcoming Linux kernel version, and Apple may also make similar changes to macOS in the near future.
Intel’s statement is interesting in that it seems to focus more on the media coverage of the bug rather than the bug itself.
Here is Intel’s full statement:
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied. Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.