macOS 10.13.2 already patched the Intel Security bug

[DrMacintosh]

Quote

The critical design flaw discovered in the way Intel CPUs process information has reportedly already been fixed by Apple in a recent release of macOS.

 

Quote

Apple’s fix came out at the beginning of December with the release of macOS 10.13.2. But according to one developer, the company has a few additional patches for Intel’s blunder in a current beta build.

 

Quote

The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 — and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you). cc @i0n1c @s1guza@patrickwardle pic.twitter.com/S1YJ9tMS63

— Alex Ionescu (@aionescu) January 3, 2018

 

So it would appear that Apple has already patched one of the security holes in the Intel chips their Macs run a while ago. What is interesting to me is that they noticed that there was a problem and implemented a fix before anyone else. 

 

It also appears that they have the patches for the rest of the vulnerabilities and maybe some macOS specific fixes lined up for 10.13.3. 

 

macOS best OS! 

 

Source: https://www.cultofmac.com/521443/apple-already-fixed-intels-massive-chip-flaw/

[Matu20]

Shit on Apple all you want, but their focus on single OS and product line has it's benefits.

[Sauron]

Interesting; did they somehow know about it in advance or did they unintentionally fixed part of the issue while adding a different feature? If they knew it already I wonder why they didn't tell Intel... it would be weird, I'm leaning towards the second case.

 

Still, good news for mac users.

[DrMacintosh]

3 minutes ago, Sauron said:

If they knew it already I wonder why they didn't tell Intel

Maybe they did, hence the Intel insider training news. 

[Sauron]

1 minute ago, Matu20 said:

Shit on Apple all you want, but their focus on single OS and product line has it's benefits.

Focus or not, unless they were prescient they couldn't have known about this in november unless they somehow discovered the issue themselves in a mind boggling coincidence - and then kept it to themselves. If that is the case, I must both compliment them for finding it and condemn them for not telling anyone...

 

The more likely scenario is that they added a new feature that required that change and ended up patching part of the issue in a stroke of luck.

[Sauron]

1 minute ago, DrMacintosh said:

Maybe they did, hence the Intel insider training news. 

But the dates don't match, if they knew about this in november linux and windows devs would have known about it in early december.

[DocSwag]

29 minutes ago, DrMacintosh said:

implemented a fix before anyone else. 

Correct me if wrong but I believe Microsoft issued an emergency security patch yesterday.

[DrMacintosh]

Just now, DocSwag said:

Correct me if wrong but I believe Microsoft issued an emergency security patch yesterday.

They did but macOS fixed it in December

[DocSwag]

Just now, DrMacintosh said:

They did but macOS fixed it in December

My bad, I didn't read the post too closely.

[Misanthrope]

19 minutes ago, Matu20 said:

Shit on Apple all you want, but their focus on single OS and product line has it's benefits.

Yeah you get a potential performance regression before anybody even had the chance to test that out.

 

Now lets hear folk say it doesn't matters because it wasn't that big deal this time.

[DrMacintosh]

2 minutes ago, Misanthrope said:

Yeah you get a potential performance regression before anybody even had the chance to test that out.

 

Now lets hear folk say it doesn't matters because it wasn't that big deal this time.

?

[Mira Yurizaki]

20 minutes ago, Sauron said:

Interesting; did they somehow know about it in advance or did they unintentionally fixed part of the issue while adding a different feature? If they knew it already I wonder why they didn't tell Intel... it would be weird, I'm leaning towards the second case.

From what I could gather, one of the research firms told the relevant stakeholders in private. The nice thing to do as a white hat researcher is to tell the affected parties in private and give them time to fix the problem before going public with it. It's a compromise between making sure as few people as possible have an unfettered ability to exploit it and letting everyone know there's a problem.

[TheGlenlivet]

12 minutes ago, M.Yurizaki said:

From what I could gather, one of the research firms told the relevant stakeholders in private. The nice thing to do as a white hat researcher is to tell the affected parties in private and give them time to fix the problem sell their shares before going public with it. It's a compromise between making sure as few people as possible have an unfettered ability to exploit it and letting everyone know there's a problem.

Here lemme fix that for ya.  hehe

[Mira Yurizaki]

1 minute ago, TheGlenlivet said:

Here lemme fix that for ya.  hehe

I wasn't aware that the Linux Foundation was a publicly traded company.

[TheGlenlivet]

 

3 minutes ago, M.Yurizaki said:

I wasn't aware that the Linux Foundation was a publicly traded company.

They are not, I was generalizing...

[Sauron]

28 minutes ago, M.Yurizaki said:

From what I could gather, one of the research firms told the relevant stakeholders in private. The nice thing to do as a white hat researcher is to tell the affected parties in private and give them time to fix the problem before going public with it. It's a compromise between making sure as few people as possible have an unfettered ability to exploit it and letting everyone know there's a problem.

I know, but unless I misunderstood something I thought MS and the Linux foundation had only started working on it very recently. If that's not the case I wonder why they didn't wait for everyone to have a fix before making it public.

[Mira Yurizaki]

1 minute ago, Sauron said:

I know, but unless I misunderstood something I thought MS and the Linux foundation had only started working on it very recently. If that's not the case I wonder why they didn't wait for everyone to have a fix before making it public.

The same reason Google said to Microsoft "You have 90 days to fix this before we go public with it."

[Sauron]

2 minutes ago, M.Yurizaki said:

The same reason Google said to Microsoft "You have 90 days to fix this before we go public with it."

Fair enough I guess... then I wonder what's taking the others so long.

[leadeater]

1 hour ago, Sauron said:

Interesting; did they somehow know about it in advance or did they unintentionally fixed part of the issue while adding a different feature? If they knew it already I wonder why they didn't tell Intel... it would be weird, I'm leaning towards the second case.

 

Still, good news for mac users.

All the major companies involved all knew at the same time, insider preview build of Windows had the patch in Dec. Microsoft just has a lot more bases to cover and were also busy deploying the patch to the Azure platform and validation testing it. They and Google were fully patched before the news about it became public.

[Boo Berry]

If you want to split hairs about it (not like it really matters who had it 'first'), Microsoft had a KPTI in place back in November beginning with the Insider builds (17035).

 

So yeah, Meltdown has been mitigated in most OSes now. Spectre is the one people should actually worry about, since it can be exploited via Javascript in the web browser (though it's harder to exploit than Meltdown).

[mynameisjuan]

2 hours ago, Matu20 said:

Shit on Apple all you want, but their focus on single OS and product line has it's benefits.

Who knew patching and maintaining a system that you know 100% for sure what the system has in it is easy?

 

While windows has to make a patch that is compatible with millions of configurations....

[Jito463]

My question would be, is it only High Sierra (10.13) that received the patch, or did they roll it out to previous versions?  When we've been reinstalling on Macs at work lately, we've avoided HS because of several bugs in it.  If 10.12 (Sierra) doesn't get this patch, that's going to force us to install 10.13 or leave customer's computers vulnerable.

[mr moose]

7 hours ago, Sauron said:

Fair enough I guess... then I wonder what's taking the others so long.

Sheer volume of varience in end user systems.  Apple are only patching one OS (with a few variants), MS are patching 7, 8, 10, several different servers, embedded and probably even XP.   Who knows how much they have to do for each OS given they could be running any CPU from the last 15 years.

[Drak3]

They were bound to get something right with HS eventually.

[79wjd]

Maybe I should finally update from El Capitan.