Faced with reports that a “major” security flaw has been discovered in millions of Intel processors sold over the past decade, Intel today responded to the claims, framing the issue as an exploit impacting “many different vendors’ processors,” and requiring an “industry-wide approach to resolve this issue promptly and constructively.” Due to the nature of the exploit, OS kernel-level patches are apparently needed, and in some cases are expected to noticeably diminish performance of many computers across the world.
While Intel did not offer specifics on the exploitation of its chips, reports have claimed that the exploits allow insecure apps to access “secure” portions of a computer’s memory, including areas where passwords and other private content are stored. An exploit could allow rogue Javascript code running in a web browser to see supposedly protected information, compromising the computer and its user.
Intel’s response concedes that the exploits “have the potential to improperly gather sensitive data from computing devices that are operating as designed,” but notes that the company “believes these exploits do not have the potential to corrupt, modify or delete data,” if that provides anyone with any degree of comfort. The response notes that “Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available,” but rushed the statement to address “current inaccurate media reports.”
Despite Intel’s statement on shared exposure, the exploit has been said by researchers to impact “virtually all” Intel-based machines, including consumer PCs, enterprise computers, and cloud servers. According to LWN.net, equivalent patches are also being readied for ARM processors, though the extent to which ARM-based devices will be compromised is unclear. Intel notes that AMD and “several operating system vendors” are all working on solutions.
To that end, separate reports have suggested that Apple, Microsoft, and developers of Linux distributions are all actively readying critical kernel-level patches to address the flaw. Initial fixes for the bug have been referred to as “kernel page-table isolation” (KPTI), and work by relocating the secured memory area away from the insecure memory used by programs.
As noted by The Register, KPTI fixes presently slow down certain processes by 5-30%, though a given computer’s performance hit will depend on its specific processor, tasks, and operating system. Synthetic benchmarks published by Phoronix show an over 40% performance cut on I/O functionality with an Intel i7-8700K processor, but less than 10% impact during the same test with an i7-6800K chip. Video encoding and gaming performance do not appear to be affected by early fixes.
The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 — and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you). cc @i0n1c @s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63
— Alex Ionescu (@aionescu) January 3, 2018
Patches to address the bug have already been released for some Linux distributions and beta versions of Windows; the Windows 10 patch is expected to debut next Tuesday as part of Microsoft’s monthly patch schedule. Linux developers are being warned that performance regressions are likely.
Apple is reportedly patching macOS to address the flaw, as well. Following a new tweet this afternoon from Alex Ionescu, who previously tweeted about KPTI and Windows, AppleInsider cited unnamed sources within Apple as confirming that the current version of macOS (10.13.2) mitigates the KPTI issue, with additional unspecified changes planned for the upcoming 10.13.3 release. According to AppleInsider, “[e]arly indications are that there are no notable slowdowns between a system running macOS High Sierra 10.13.1 and 10.13.2.” We have reached out to Apple for additional details and will update this article with anything the company offers.
