Apple has partially repaired effects of Intel “KPTI” memory/security bug, will add additional fixed in macOS High Sierra 10.13.3

Posted by:
Date: Thursday, January 4th, 2018, 03:04
Category: High Sierra, macOS, News, Processors, security, Software

Following public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system. But Apple appears to have at least partially fixed the problem with December’s macOS High Sierra 10.13.2 with additional fixes seeming likely appear to be coming in macOS 10.13.3.

A number of anonymous sources within Apple have confirmed that routines exist within macOS High Sierra 10.13.2 that could grant applications access to protected kernel memory data. These measures, alongside existing programming requirements regarding kernel memory that Apple has implemented over the past decade, seem to have mitigated much of the issue.

The fix was further confirmed by developer Alex Ionescu, who called the code regarding the issue the “Double Map.”

Ionescu, along with other sources, said that changes implemented in macOS High Sierra, will resolve the issue. All parties declined to comment as to what these specific fixes would consist of.

The issue is also being looked into by developers handling the overall Linux code base as well as Microsoft to protect Windows users. Currently, no developers have offered a timetable to release a fix to the security flaw at this time, albeit Microsoft has issued Windows 10 beta builds looking into the problem.

Potentially at risk from the flaw is anything contained in kernel memory, such as passwords, application keys, and file caches. Details surrounding the bug, and how to exploit it, are still under wraps.

Aside from macOS, Microsoft’s Windows and Linux are also open to the vulnerability. Beyond personal computers, some believe cloud services like Amazon EC2, Microsoft Azure and Google Compute Engine are impacted by the bug and will need to be updated.

Amazon has alerted its customers to a large security update coming to AWS in February. Microsoft’s Azure service has a maintenance period scheduled for January 10th.

Stay tuned for additional details as they become available.

Via AppleInsider

Recent Posts

Leave a Reply