Report: Intel CPU Security Flaw Requires OS-Level Fix Which Could Cause Performance Hit in macOS
A recently discovered silicon-level security flaw in Intel CPU designs will force operating system makers like Apple and Microsoft to update their OS kernels and other software components, which could result in performance hits of up to 30%.
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.
Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can’t address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.
The Register says the flaw gives user applications some ability to discern the layout or contents of protected kernel memory areas. Those areas could include information that ranges from passwords to application keys to file caches.
Details about the flaw are being kept under wraps until patches fixing the flaws are issued for the major operating systems. The vulnerability is said to be present in Intel x86 hardware manufactured in the past decade. That includes Macs manufactured during that timespan.
Microsoft is reported to be releasing fixes related to the flaws for its Windows operating system, with the update arriving as soon as next week in a Patch Tuesday release. No word on when Apple might issue a fix.
Linux programmers have addressed the vulnerability with patches to the operating system's virtual memory system. The solution has been to completely separate the kernel's memory from user processes using Kernel Page Table Isolation (KPTI).
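A host check for the two features named above, KPTI and PCID, added here as an example (it is not from this article or from The Register). It reads the flags line of a Linux /proc/cpuinfo-format file and assumes the kernel reports active isolation as "pti" ("kaiser" on some older stable backports); the sample input is constructed.

```shell
#!/bin/sh
# Report whether kernel page table isolation is active and whether the CPU
# offers PCID, based on the "flags" line of a cpuinfo-format file.
# Usage: kpti_status [file]    (defaults to /proc/cpuinfo)
# Exit status: 0 = KPTI active, 1 = KPTI not reported, 2 = no flags line.
kpti_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    # Take the first "flags" line; every logical CPU repeats the same set.
    flags=$(awk -F': ' '/^flags[ \t]*:/ { print $2; exit }' "$cpuinfo" 2>/dev/null) || flags=
    [ -n "$flags" ] || { echo "unknown: no flags line in $cpuinfo"; return 2; }

    # Whole-token match, so "invpcid" is never mistaken for "pcid".
    has() { case " $flags " in *" $1 "*) return 0 ;; *) return 1 ;; esac; }

    # Assumption: "pti" is the flag shown when isolation is active;
    # "kaiser" was the name used by some older stable backports.
    if has pti || has kaiser; then isolation=on; else isolation=off; fi
    if has pcid; then pcid=yes; else pcid=no; fi

    case "$isolation/$pcid" in
        on/yes) echo "KPTI active, PCID present: reduced performance hit expected" ;;
        on/no)  echo "KPTI active, no PCID: expect the larger performance hit" ;;
        off/*)  echo "KPTI not reported by this kernel"; return 1 ;;
    esac
}

# Constructed sample input (not taken from a real machine).
sample=$(mktemp)
printf 'processor\t: 0\nflags\t\t: fpu vme pcid invpcid pti\n' > "$sample"
kpti_status "$sample"
rm -f "$sample"
```

On a Linux host, calling kpti_status with no argument reads the live /proc/cpuinfo.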
As well as Windows, Linux and macOS, cloud services such as Amazon EC2, Microsoft Azure and Google Compute Engine are also likely affected by the bug and will need to be updated.