Yesterday, The Register reported that a bug is present in Intel processors produced in the past decade that allows normal user programs to discern to some extent the layout or contents of protected kernel memory areas. This has programmers scrambling to overhaul the Linux kernel's virtual memory system. Microsoft has been working on a fix since at least November.
Python Sweetness writes, "There is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer."
The fixes for Linux and Windows are estimated to have a major effect on performance with The Register estimating a 5 - 30% slow down, depending on the task and the processor model.
Following the report, Mac users were left wondering how they would be affected. Thankfully, Apple has already addressed the issue, according to a tweet from kernel expert Alex Ionescu.
The question on everyone's minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the "Double Map" since 10.13.2 -- and with some surprises in 10.13.3 (under Developer NDA so can't talk/show you).
When asked if 10.13.3 was required for full bug mitigation, Ionescu said no.
No, sorry, did not mean to imply that. There are some changes in 10.13.3 but they shouldn't affect the quality of the mitigation _as far as I can see_
Also notable, Mac users should see much of a performance hit.
"The performance drop on a system with PCID is minimal," says Ionescu. "Most Macs have PCID."
Please follow iClarified on Twitter, Facebook, Google+, or RSS for updates.