The exceptionally scary design flaw in Intel’s processors (as well as other manufacturers’ silicon) that could put nearly all Mac, Windows, and Linux users at risk appears to have been largely addressed in the recent macOS 10.13.2 update.
The flaw cannot be fixed by a firmware or microcode update from Intel; it has to be mitigated by the operating system vendors. Aside from the security concern, the fix also carries a significant performance hit on some systems.
The bug could let attackers read passwords, security keys, and file contents that the kernel has cached in memory. The kernel of an operating system has control over the entire system: it mediates between the processor, memory, and the rest of the hardware. Intel’s processors, and those of other manufacturers, have a flaw that could let an attacker bypass the kernel’s protections and read the contents of the kernel’s memory.
The details of the bug have mostly been kept under wraps as part of an NDA between hardware and software developers, so that they have time to patch the issue before malware can take advantage of it.
The fix was spotted by developer Alex Ionescu, who describes in a series of tweets and images the changes Apple has implemented in 10.13.2. More changes are coming in 10.13.3, though Ionescu is prohibited from revealing what they are, as they are currently under a developer NDA. AppleInsider has also reported that its own sources have confirmed the patch in 10.13.2 and 10.13.3.
The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 — and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you). cc @i0n1c @s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63
— Alex Ionescu (@aionescu) January 3, 2018
The fix is essentially to separate the kernel’s memory from the user’s processes, a technique known as Kernel Page Table Isolation (KPTI). Every transition between user code and the kernel then has to switch page tables, and that can take a toll on the system, at least on Windows and Linux machines.
Apple’s patch in 10.13.2 seems to show no noticeable performance penalty, at least on machines whose processors support PCID (Process-Context Identifiers), which includes most modern Macs. PCID tags TLB entries with a context identifier, so switching page tables does not require flushing the entire TLB.
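The following C program is an added illustration, not Apple’s, Intel’s or any OS vendor’s code. It models the three points above in a few dozen lines: why a user process could read kernel memory when the kernel is mapped into every process’s page table, why the KPTI “double map” stops that (the user-mode table simply has no kernel entries, so the page walk has nothing to return), and why the cost of the fix depends on PCID. The 8-entry page table, the page contents, the “forward the data before the privilege check” rule and the flush counts are constructed assumptions for the model, not measurements.

```c
/*
 * Toy model of the kernel-memory read the article describes and of the
 * Kernel Page Table Isolation ("double map") fix.  Added illustration,
 * not Apple's, Intel's or any OS vendor's code: the 8-entry page table,
 * the page contents and the "forward data before the privilege check"
 * rule are constructed assumptions that capture the behaviour.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES      8u           /* toy page table with 8 entries */
#define PTE_PRESENT 0x1u         /* a translation exists */
#define PTE_USER    0x2u         /* clear => supervisor (ring 0) only */
#define KERNEL_BASE 4u           /* pages 4..7 belong to the kernel */
#define SECRET_PAGE 5u           /* kernel page an attacker wants to read */

typedef struct { uint32_t flags; const char *data; } pte_t;
typedef struct { pte_t pte[NPAGES]; } pagetable_t;

/* Constructed sample memory contents, one string per physical page. */
static const char *const page_contents[NPAGES] = {
    "user-stack", "user-heap", "libc-text", "app-text",
    "kernel-text", "kernel-secret-key", "page-cache:/etc/master.passwd", "kext-data",
};

/* Pre-KPTI layout: the kernel is mapped into every process's table and
 * protected only by the supervisor bit. */
void build_shared_table(pagetable_t *pt)
{
    for (unsigned p = 0; p < NPAGES; p++) {
        pt->pte[p].data  = page_contents[p];
        pt->pte[p].flags = PTE_PRESENT | (p < KERNEL_BASE ? PTE_USER : 0u);
    }
}

/* KPTI: the user-mode table has no kernel entries at all; the kernel keeps
 * a second, complete table that it switches to on every entry. */
void build_kpti_tables(pagetable_t *user_pt, pagetable_t *kernel_pt)
{
    build_shared_table(kernel_pt);
    memset(user_pt, 0, sizeof *user_pt);            /* kernel pages: not present */
    for (unsigned p = 0; p < KERNEL_BASE; p++)
        user_pt->pte[p] = kernel_pt->pte[p];
}

/* Model of the out-of-order core: the page walk runs first and the loaded
 * value is forwarded to dependent instructions; the supervisor check only
 * raises its fault afterwards.  Returns what a cache side channel could
 * observe before the fault retires, or NULL when the walk finds no PTE. */
const char *transient_read(const pagetable_t *pt, unsigned page, int user_mode, int *faulted)
{
    *faulted = 1;
    if (page >= NPAGES || !(pt->pte[page].flags & PTE_PRESENT))
        return NULL;                                /* no translation: nothing to forward */
    if (!user_mode || (pt->pte[page].flags & PTE_USER))
        *faulted = 0;                               /* a legal access */
    /* A supervisor page read from user mode still faults, but only after
     * the data was transiently forwarded: that is the Meltdown window. */
    return pt->pte[page].data;
}

/* Scenario helpers: a user process reading the kernel's secret page. */
const char *leak_with_shared_table(void)
{
    pagetable_t pt; int f;
    build_shared_table(&pt);
    return transient_read(&pt, SECRET_PAGE, 1, &f);
}
const char *leak_with_kpti(void)
{
    pagetable_t user_pt, kernel_pt; int f;
    build_kpti_tables(&user_pt, &kernel_pt);
    return transient_read(&user_pt, SECRET_PAGE, 1, &f);
}

/* Cost model for the fix: KPTI switches page tables on every kernel entry
 * and exit.  Without PCID each switch flushes the whole TLB; with PCID the
 * user and kernel entries are tagged and survive.  Returns the number of
 * full TLB flushes caused by nsyscalls system calls. */
unsigned long tlb_flushes(int kpti, int pcid, unsigned nsyscalls)
{
    if (!kpti) return 0;                 /* one shared table: no switch */
    if (pcid)  return 0;                 /* tagged TLB: switch without flush */
    return 2UL * nsyscalls;              /* enter + return, a full flush each */
}

int main(void)
{
    const char *leak = leak_with_shared_table();
    printf("shared table: user read of kernel page leaks \"%s\"\n", leak ? leak : "(nothing)");
    leak = leak_with_kpti();
    printf("KPTI user table: user read of kernel page leaks %s\n", leak ? leak : "(nothing)");
    printf("TLB flushes per 1e6 syscalls: no KPTI=%lu, KPTI=%lu, KPTI+PCID=%lu\n",
           tlb_flushes(0, 0, 1000000), tlb_flushes(1, 0, 1000000), tlb_flushes(1, 1, 1000000));
    return 0;
}
```

The point of the model is the order of operations in `transient_read`: the supervisor bit is checked, and the access does fault, but only after the data has already been handed to dependent instructions. KPTI does not change that ordering; it removes the kernel entries from the table the user process runs on, so there is no data to forward in the first place. The `tlb_flushes` helper is only a counting model, but it captures why the same fix is close to free on PCID-capable machines and expensive on others.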
Since the issue was made public, Intel has also released a statement pointing out that other manufacturers’ processors suffer from the same security issue.