
Apple has already partially implemented fix in macOS for 'KPTI' Intel CPU security flaw


After a public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system. But Apple appears to have at least partially fixed the problem with December's macOS 10.13.2 — and more fixes appear to be coming in 10.13.3.

Multiple sources within Apple not authorized to speak on behalf of the company have confirmed to AppleInsider that there are routines in 10.13.2 to secure the flaw that could grant applications access to protected kernel memory data. These measures, coupled with existing programming requirements about kernel memory that Apple implemented over a decade ago, appear to have mitigated most, if not all, of the security concerns associated with the flaw publicized on Tuesday.

Further confirming the fixes, developer Alex Ionescu has identified the code that fixed the issue, and is calling it the "Double Map."

Our sources, as well as Ionescu, say that there are more changes in macOS High Sierra 10.13.3, but both declined to comment on what they may be, or what else is required to totally secure users.

AppleInsider is in the midst of comparative speed testing on a 2017 MacBook Pro. Early indications are that there are no notable slowdowns between a system running macOS High Sierra 10.13.1 and 10.13.2.

Mitigations by Linux code-base maintainers are underway, as are changes by Microsoft to protect Windows users. In response to a query, Microsoft told AppleInsider that it had no comment at this time on a timetable for a release to fix the security flaw, but the company altered kernel memory handling in Windows 10 beta builds at the end of 2017.

Potentially at risk from the flaw is anything contained in kernel memory, such as passwords, application keys, and file caches. Details surrounding the bug, and how to exploit it, are still under wraps.

Intel is unable to fix the flaw with a firmware update.

Aside from macOS, Microsoft's Windows and Linux are also open to the vulnerability. Beyond personal computers, some believe cloud services like Amazon EC2, Microsoft Azure and Google Compute Engine are impacted by the bug and will need to be updated.

Amazon has alerted its customers to a large security update coming to AWS in February. Microsoft's Azure service has a maintenance period scheduled for Jan. 10.



17 Comments

racerhomie3 1264 comments · 7 Years

This does it. I am selling my MacBook & changing to iPad Pro or 5 with a BT keyboard.

daven 722 comments · 16 Years

Next up are the class action lawsuits for Apple getting an early start on fixes and not disclosing that they were fixing it.

sflocal 6137 comments · 16 Years

rob53 said:
What about all the macs that can’t run 10.3.2? Did a security update fix those systems?

Those Macs that can't run the current MacOS most likely are no longer by Apple.  

larrya 608 comments · 13 Years

racerhomie3 said:
This does it. I am selling my MacBook & changing to iPad Pro or 5 with a BT keyboard.

Ironic that the “post-PC era” would be hastened by Intel.