Skip to comments.
Horrific Security Flaw Affects Decade of Intel Processors
www.popularmechanics.com ^
| 03 January 2018
| By Eric Limer
Posted on 01/03/2018 1:55:39 PM PST by Red Badger
click here to read article
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-60, 61-80, 81-100, 101-111 next last
To: Red Badger; dayglored; Swordmaker
61
posted on
01/03/2018 5:46:35 PM PST
by
upchuck
(President Trump is great because he actually runs something other than his mouth!)
To: w1andsodidwe
You didn’t administer any beatings? They expect that, you know.
To: Red Badger
To: Red Badger; dayglored
It looks as if Apple was already on top of this Intel vulnerability:
Apple has already partially implemented fix in macOS for 'KPTI' Intel CPU security flaw
By Mike Wuerthele
Wednesday, January 03, 2018, 11:18 am PT (02:18 pm ET)After a public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system. But Apple appears to have at least partially fixed the problem with December's macOS 10.13.2 —and more fixes appear to be coming in 10.13.3.
Multiple sources within Apple not authorized to speak on behalf of the company have confirmed to AppleInsider that there are routines in 10.13.2 to secure the flaw that could grant applications access to protected kernel memory data. These measures, coupled with existing programming requirements about kernel memory that Apple implemented over a decade appear to have mitigated most, if not all, of the security concerns associated with the flaw publicized on Tuesday.
Further confirming the fixes, developer Alex Ionescu has further identified the code that fixed the issue, and is calling it the "Double Map."
Our sources, as well as Ionescu, say that there are more changes in the macOS High Sierra 10.13.3 —but both declined comment on what they may be, or what else is required to totally secure users.
AppleInsider is in the midst of comparative speed testing on a 2017 MacBook Pro. Early indications are that there are no notable slowdowns between a system running macOS High Sierra 10.13.1 and 10.13.2.
Mitigations by Linux code-base maintainers are underway, as are changes by Microsoft to protect Windows users. In response to a query, Microsoft told AppleInsider that they had no comment on a timetable of a release to fix the security flaw at this time, but kernel memory handling was altered by the company in Windows 10 beta builds in the end of 2017.
Potentially at risk from the flaw is anything contained in kernel memory, such as passwords, application keys, and file caches. Details surrounding the bug, and how to exploit it, are still under wraps.
Intel is unable to fix the flaw with a firmware update.
Aside from macOS, Microsoft's Windows and Linux are also open to the vulnerability. Beyond personal computers, some believe cloud services like Amazon EC2, Microsoft Azure and Google Compute Engine are impacted by the bug and will need to be updated.
Amazon has alerted its customers to a large security update coming to AWS in February. Microsoft's Azure service has a maintenance period scheduled for Jan. 10.
64
posted on
01/03/2018 6:11:36 PM PST
by
Swordmaker
(My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
To: Red Badger
Back in the 80s I had an IBM XT clone that had a Turbo Boost button on the front. I think all it did was turn on a light..................
Leaving the button off slowed your PC to 4.77 MHz. Turning it on let it run at whatever the advertised speed was (16, 20, 33, 66). It was found on 80286, 386, and 486 machines.
Many games timed off of the original 4.77 MHz chip speed on the PC. They would not run at higher speeds. The button gave you backwards compatibility for these games.
To: Red Badger
Thank goodness I’m on my AMD FX-8350 as I type ...... yeah, she’s old and she’s not the fastest CPU in the world but she don’t have this steenking vulnerability!!!
66
posted on
01/03/2018 6:14:52 PM PST
by
usconservative
(When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
To: AFreeBird
Apple uses intel on Macs. But phones and pads dont. It turns out that Apple patched for this Intel vulnerability on December 6, 2017. . . so it's not a problem. It's not an issue on Macs now and no slowdown in the operations.
67
posted on
01/03/2018 6:22:22 PM PST
by
Swordmaker
(My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
To: Red Badger
68
posted on
01/03/2018 6:22:55 PM PST
by
ConservativeMind
(Trump: Befuddling Democrats, Republicans, and the Media for the benefit of the US and all mankind.)
To: Swordmaker
It's not an issue on Macs now and no slowdown in the operations. Would be interesting to see before & after patch performance benchmarks for Microsoft, Apple and Linux. Any future lawsuits against Intel for this vulnerability are going to depend on/require demonstration of loss of performance.
69
posted on
01/03/2018 6:31:29 PM PST
by
usconservative
(When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
To: Red Badger
Intel has had backdoors forever, as per our “government” requests.
To: Red Badger
Windows has another undocumented “feature”?? Who would have thought........?
71
posted on
01/03/2018 6:40:36 PM PST
by
HP8753
(Live Free!!!! .............or don't.)
To: Windflier; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; amigatec; AppyPappy; arnoldc1; ...
72
posted on
01/03/2018 6:44:49 PM PST
by
dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: martin_fierro
Per this article, AMD and ARM chips are also impacted: There are two vulnerabilities only one of which is the Intel vulnerability. The other, called Spectre can effect the AMD and ARM processors, especially mobile devices such as cellular phones and tablets, for it to be exploited required the following:
"In order to exploit the flaw the "attacker gains physical access by manually updating the platform with a malicious firmware image through flash programmer physically connected to the platforms flash memory."
So it's not really too much of a serious exploit. "Physical access" and "manually updating" the device's firmware. Right. Sure.
73
posted on
01/03/2018 6:58:15 PM PST
by
Swordmaker
(My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
To: Swordmaker
>
It turns out that Apple patched for this Intel vulnerability on December 6, 2017. . . so it's not a problem. It's not an issue on Macs now and no slowdown in the operations. Does that apply to all supported versions, or only High Sierra? I.e. Has Apple rolled out fixes for older versions, -or- will older versions get a fix in the future, -or- does this force us all to upgrade?
74
posted on
01/03/2018 7:09:43 PM PST
by
dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: Swordmaker
And it seems, according to the wording, that the “physical” stuff only applies to the AMD and ARM chips.
75
posted on
01/03/2018 7:12:57 PM PST
by
SgtHooper
(If you remember the 60's, YOU WEREN'T THERE!)
To: Pollard
76
posted on
01/03/2018 7:23:04 PM PST
by
Spktyr
(Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
To: cyberstoic
77
posted on
01/03/2018 7:23:18 PM PST
by
Spktyr
(Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
To: ImJustAnotherOkie
Apple’s is already patched as of 10.13.2 (which has been out a while) and further steps will be taken in 10.13.3, currently in dev beta. 10.13.2 shows no significant speed loss.
78
posted on
01/03/2018 7:24:21 PM PST
by
Spktyr
(Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
To: Swordmaker
I wish I understood all of this tech stuff.
My computer says it has an Intel Core 17????
Just what we need a bunch of broken computers after this fix.
79
posted on
01/03/2018 8:22:39 PM PST
by
hsmomx3
To: Red Badger
[[Back in the 80s I had an IBM XT clone that had a Turbo Boost button on the front.
I think all it did was turn on a light..................
]]
Yeah but I’ll bet the light came on really really fast=- turbo fast
80
posted on
01/03/2018 8:26:13 PM PST
by
Bob434
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-60, 61-80, 81-100, 101-111 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson