Posted on 01/03/2018 1:55:39 PM PST by Red Badger
The fix requires major OS rewrites which will probably make your computer run slower.
An extremely severe security flaw has been found to affect nearly every Intel processor made in the past decade or more, giving any hackers who might know how to exploit it access to protected information systemwide. The Register reports that programmers are rushing to make the sweeping changes necessary to protect against the vulnerability on Linux and Windows operating systems, with such fixes required on macOS as well. Even worse, you can expect these vital updates to noticeably slow down your computer.
The design flaw in Intel's x86-64 hardwarefirst introduced in 2004 and still in use in the lion's share of modern-day processorsallows programs without the proper permissions to access the part of an operating system known as the kernel, a low-level chunk of code that controls literally everything in your system.
The exact details of the vulnerability are still somewhat under wraps, but as The Register has pieced together from multiple, technical sources, it appears the flaw is based in a feature called "speculative execution." This trick allows a processor to do things before it's absolutely sure they need to be done, so the results are ready as quickly as possible if needed and simply ignored if not. In Intel's x86-64 hardware, however, it appears that programs may be able to speculatively execute code they would not have permission to run under normal circumstances, allowing carefully-constructed, malicious code to essentially read your entire operating system's mind without the proper permission. The potential bounty of such an attack includes passwords, login files, and pretty much anything you'd ever want to keep secret.
It's hard to zero in on the most troubling part of this flaw. Intel's x86-64x processors are the most widely-used chips in virtually every form of laptop. If you don't know what processor you have, you almost certainly have one with this flaw. If you do have an AMD processor, however, congratulationsthey are confirmed to be safe from the exploit.
In addition to the ubiquity of Intel processors, the low-level nature of this vulnerability means that hackers who may have learned to exploit it would have access to an unprecedented number of machines. And considering x86-64 has been around and prevalent since 2004, possible hackers have had access for over 10 years. No researchers have yet come forward with an example program that exploits this flaw, but that's hardly proof that hackers, or the NSA, didn't figure out how to make use of this exploit years ago.
On top of it all, the fix requires extremely deep and wide-reaching changes at the root levels of an operating system's softwarechanges that could impact performance of Intel machines by as much as 30 percent. The only alternative? A new computer with a different processor, or one powerful enough to make up for the performance hit. Even worse, these performance hits won't just come to your computer, but also the army of distant servers that run countless internet-connected services in the cloud.
So what can you do? Not much. If you have a computer with a competing AMD processor, pat yourself on the back and breathe easy. Otherwise, make sure that your computer's operating system is up to date with the latest security updates, though fixes for this particular problem may not be widely available for days or even weeks. Intel has yet to publicly comment on the vulnerability, but the consequences will likely reverberate for years.
Windows and Mac ping.
You didn’t administer any beatings? They expect that, you know.
Per this article, AMD and ARM chips are also impacted:
Apple has already partially implemented fix in macOS for 'KPTI' Intel CPU security flaw
I think all it did was turn on a light..................
Leaving the button off slowed your PC to 4.77 MHz. Turning it on let it run at whatever the advertised speed was (16, 20, 33, 66). It was found on 80286, 386, and 486 machines.
Many games timed off of the original 4.77 MHz chip speed on the PC. They would not run at higher speeds. The button gave you backwards compatibility for these games.
Thank goodness I’m on my AMD FX-8350 as I type ...... yeah, she’s old and she’s not the fastest CPU in the world but she don’t have this steenking vulnerability!!!
It turns out that Apple patched for this Intel vulnerability on December 6, 2017. . . so it's not a problem. It's not an issue on Macs now and no slowdown in the operations.
4.77 Mhz to 8 Mhz
Would be interesting to see before & after patch performance benchmarks for Microsoft, Apple and Linux. Any future lawsuits against Intel for this vulnerability are going to depend on/require demonstration of loss of performance.
Intel has had backdoors forever, as per our “government” requests.
Windows has another undocumented “feature”?? Who would have thought........?
Thanks to Windflier for the ping!!
There are two vulnerabilities only one of which is the Intel vulnerability. The other, called Spectre can effect the AMD and ARM processors, especially mobile devices such as cellular phones and tablets, for it to be exploited required the following:
"In order to exploit the flaw the "attacker gains physical access by manually updating the platform with a malicious firmware image through flash programmer physically connected to the platforms flash memory."
So it's not really too much of a serious exploit. "Physical access" and "manually updating" the device's firmware. Right. Sure.
Does that apply to all supported versions, or only High Sierra? I.e. Has Apple rolled out fixes for older versions, -or- will older versions get a fix in the future, -or- does this force us all to upgrade?
And it seems, according to the wording, that the “physical” stuff only applies to the AMD and ARM chips.
A similar exploit has been found in AMD processors. https://www.windowscentral.com/all-modern-processors-impacted-new-meltdown-and-spectre-exploits
A similar exploit has been found in AMD processors. https://www.windowscentral.com/all-modern-processors-impacted-new-meltdown-and-spectre-exploits
Apple’s is already patched as of 10.13.2 (which has been out a while) and further steps will be taken in 10.13.3, currently in dev beta. 10.13.2 shows no significant speed loss.
I wish I understood all of this tech stuff.
My computer says it has an Intel Core 17????
Just what we need a bunch of broken computers after this fix.
[[Back in the 80s I had an IBM XT clone that had a Turbo Boost button on the front.
I think all it did was turn on a light..................
]]
Yeah but I’ll bet the light came on really really fast=- turbo fast
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.