Apple has already partially implemented fix in macOS for 'KPTI' Intel CPU security flaw

By Mike Wuerthele

After a public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system. But Apple appears to have at least partially fixed the problem with December's macOS 10.13.2 -- and more fixes appear to be coming in 10.13.3.

Multiple sources within Apple not authorized to speak on behalf of the company have confirmed to AppleInsider that there are routines in 10.13.2 to secure the flaw that could grant applications access to protected kernel memory data. These measures, coupled with existing programming requirements about kernel memory that Apple implemented over a decade ago, appear to have mitigated most, if not all, of the security concerns associated with the flaw publicized on Tuesday.

Further confirming the fixes, developer Alex Ionescu has identified the code that fixed the issue, and is calling it the "Double Map."

Our sources, as well as Ionescu, say that there are more changes in macOS High Sierra 10.13.3 -- but both declined to comment on what they may be, or what else is required to totally secure users.

AppleInsider is in the midst of comparative speed testing on a 2017 MacBook Pro. Early indications are that there are no notable slowdowns between a system running macOS High Sierra 10.13.1 and 10.13.2.

Mitigations by Linux code-base maintainers are underway, as are changes by Microsoft to protect Windows users. In response to a query, Microsoft told AppleInsider that it had no comment at this time on a timetable for a release to fix the security flaw, but kernel memory handling was altered by the company in Windows 10 beta builds at the end of 2017.

Potentially at risk from the flaw is anything contained in kernel memory, such as passwords, application keys, and file caches. Details surrounding the bug, and how to exploit it, are still under wraps.

Intel is unable to fix the flaw with a firmware update.

Aside from macOS, Microsoft's Windows and Linux are also open to the vulnerability. Beyond personal computers, some believe cloud services like Amazon EC2, Microsoft Azure and Google Compute Engine are impacted by the bug and will need to be updated.

Amazon has alerted its customers to a large security update coming to AWS in February. Microsoft's Azure service has a maintenance period scheduled for Jan. 10.