Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Latest Intel and AMD vulnerabilities a gentle reminder to switch to Apple silicon

A pair of vulnerabilities have been discovered impacting Intel and AMD CPUs, and they both affect generations of processors for those who haven't updated their systems yet.

The new threats are called "Downfall" and "Inception," and both rely on speculative execution in a similar way as the Meltdown and Spectre bugs, respectively. They are both described as being of "medium" severity, with Downfall impacting Intel chips and Inception targeting AMD processors.

Intel and AMD have both issued OS-level microcode software updates as of now, with both companies aiming to address both vulnerabilities. As reported by Ars Technica, the two companies have also confirmed that they have not identified any exploits that exist for either vulnerability.

However, it's important that manufacturers issue their own updates to address the issues once Intel and AMD make them available. Both Downfall and Inception are risks to consumer products, server CPUs, and workstations, any of which are equipped with years-old Intel or AMD processors.

Downfall

By all accounts, Downfall is the bigger of the two vulnerabilities. It's known as "CVE-2022-40982," and it's outlined by Google security researcher Daniel Moghimi. He describes it as such:

"The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not normally be accessible. I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques. You can read the paper I wrote about this for more detail."

Moghimi says Downfall is a "successor" to the Meltdown vulnerability, as they both rely on speculative execution to harm affected systems.

Intel says all processors based on Skylake, Kaby Lake, Whiskey Lake, Ice Lake, Comet Lake, Coffee Lake, Rocket Lake, and Tiger Lake are all impacted by Downfall, along with other processor generations as well. That means most chips produced from 2015 and newer are affected.

Intel haunted by Spectre Intel haunted by Spectre

However, Intel's newest 12th- and 13th-generation chips based on Alder Lake and Raptor Lake are not affected. Meanwhile, Celeron, Pentium, and Apollo low-end CPUs are not affected, either.

Inception

Inception is also known as "CVE-2023-20569," and it's a descendent of the Spectre bug, and it's described as "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."

Security researchers at ETH Zrich's COSMEC group point out that this vulnerability can leak arbitrary data on a range of AMD processors, including Ryzen, EPYC, and Threadripper. The group has also published a proof-of-concept video showing off the vulnerability.

The good news is these vulnerabilities have been addressed by Intel and AMD, and neither appears to be as dangerous as the vulnerabilities they are descended from, Meltdown and Specter.

Might be a good time to upgrade to Apple silicon

Still, if nothing else, these widespread vulnerabilities are a gentle reminder that Apple has moved away from Intel in its choice of processors. The company is now all-in with Apple Silicon, meaning it doesn't need to worry about Intel or AMD vulnerabilities like these.

Apple silicon Apple silicon

It's worth noting that there are still some vulnerabilities that can pop up, even for Apple silicon. The "PacMan" flaw was an echo of Spectre and Meltdown in 2022, for instance, albeit one that did not seriously harm any computers out in the real world.



18 Comments

🕯️
lam92103 4 Years · 148 comments

Thanks but no thanks. Gonna stick to x86

coolfactor 20 Years · 2342 comments

lam92103 said:
Thanks but no thanks. Gonna stick to x86

Now tell us why.

🎄
coolfactor 20 Years · 2342 comments

iBiCCC said:
lam92103 said:
Thanks but no thanks. Gonna stick to x86
#metoo.  Honestly who wouldn't.  It makes zero sense.  All microprocessor will be the same.  MacOS is built on x86.  Intel is a serious company. Rosetta runs x86.  It was built on x86 and the M-Chips are x86.  Fun Fact.

What? That makes no sense. I think you're missing a few details.

Before Apple adopted Intel processors, Mac OS (or OS X) ran on Motorola PowerPC chips.

Are you claiming that ARM chips (of which M-series chips are built) are actually built using Intel x86 architecture? Not true at all. ARM and x86 are entirely separate architectures. If your claim had any truth to it, Microsoft would not have had so much trouble rolling out their ARM-based Windows.

Rosetta translates executable code of applications, not the OS, that haven't yet been built for Apple silicon. That's the only role that Rosetta plays. macOS itself is not running ON Rosetta.

🌟
ravnorodom 8 Years · 721 comments

iBiCCC said:
lam92103 said:
Thanks but no thanks. Gonna stick to x86
#metoo.  Honestly who wouldn't.  It makes zero sense.  All microprocessor will be the same.  MacOS is built on x86.  Intel is a serious company. Rosetta runs x86.  It was built on x86 and the M-Chips are x86.  Fun Fact.

And my car runs on x86 because it has Windows.  :D

🎅
dewme 10 Years · 5781 comments

It’s true that Apple doesn’t have to worry about x86 vulnerabilities. But it’s only a matter of time until Apple Silicon vulnerabilities are discovered.