Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Desktops (Apple) Security Apple

Intel Memory Access Design Flaw Partially Addressed by Apple in macOS 10.13.2 [Unconfirmed] ( 49

An anonymous reader shares a report: A serious design flaw and security vulnerability discovered in Intel CPUs has reportedly already been partially addressed by Apple in the recent macOS 10.13.2 update, which was released to the public on December 6. According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability. A Bloomberg reporter pointed out that Apple has not officially commented on the story.
This discussion has been archived. No new comments can be posted.

Intel Memory Access Design Flaw Partially Addressed by Apple in macOS 10.13.2 [Unconfirmed]

Comments Filter:
  • I hope they will fix this in 10.12.x too. I'd get my passwords tattooed on my forehead before I try using High Sierra again.
    • by Kenja ( 541830 )
      Was initially fixed in 10.12.3, 10.13.2 is an update to the existing fix.
    • by nnull ( 1148259 )
      Still waiting for other linux distributions to issue a patch. As of this moment, Arch latest is still 4.14.11-1 and is still not patched from the looks of it? []
    • I'd get my passwords tattooed on my forehead before I try using High Sierra again.

      I hope on the inside...

    • Given they consistently post security fixes for the three most recent versions of the OS, I would expect this was included in the December 6 security updates for El Capitan and Sierra as well.

      It's not like Apple actually makes any noise regarding the updates for its older OSes... they just show up in the App Store, and you have to go look at the relevant knowledge base article to learn anything. And given that this purported fix is "someone said this", it's not surprising that 10.11 and 10.12 weren't mentio

  • by Anonymous Coward

    So this article is pretty wrong. First of all, KPTI -- kernel page table isolation -- isn't a vulnerability, it's a security framework that prevents meltdown (and more importantly a bunch of other potential attacks) from being effective.

  • And Intel can't seem to get stuff right, P90 bug anyone. What happens when they go AI or deep learning and have similar issues? No one is perfect but I am certainly a bit concerned.
    • Re:Oh no. (Score:4, Insightful)

      by ceoyoyo ( 59147 ) on Thursday January 04, 2018 @12:41PM (#55862851)

      If your AI can't figure out it's way around silly processor errors you've got a problem. Deep learning likes noise. You add extra, on purpose.

      Regular algorithms are fragile and usually don't work if the numbers don't add up. But be fair: Intel has had two real bugs that I remember, in the last... forty years? Outside of those two, I doubt anyone has even contemplated the need to patch their processor. Not many projects in the computer business can say that.

      • by Anonymous Coward

        "Outside of those two" - Which rock are you hiding under? You should look at the processor errata sheets. Then you'll wonder how your computer ever works right. Many computer crashes and hangups are actually due to processor bugs.

  • Like we've already addressed most vulnerabilities ever discovered? (It's the new, unaddressed ones that bite you.)
  • by supernova87a ( 532540 ) <(moc.liamtoh) (ta) (1relpek)> on Thursday January 04, 2018 @12:22PM (#55862755)
    This is outrageous that Apple is rolling out some software update to "help" our processors function better without asking us! I demand to be asked whether I want this software fix to be implemented, because it makes my processor work slower! Apple sucks and don't get me started on batteries.
  • Should we expect a corresponding performance hit?
  • Apple have now commented on the issue. []

That does not compute.