Purchased a Mac or Windows computer recently that’s faster than any PC you’ve ever owned? Well, we need to talk. All computers packing Intel chips that were made in the last decade suffer from a serious security issue that should be patched shortly. That’s the good news.
The bad news is that the patch involves slowing down all these computers by up to 30%. Some users may feel the change in performance, others won’t. But the updates are rolling out because this security flaw appears to be very dangerous. Don’t even think about not installing them when they arrive.
First detailed by The Register, the Intel vulnerability would allow malicious individuals to access areas of the computer that shouldn’t be available to anybody.
The issue is so severe that every computer powered by an Intel chip made in the last ten years or so will need to be updated, including personal and work machines, as well as servers that power various internet services.
The details of the vulnerability are kept under wraps until patches will be released. But the flaw affects the kernel memory of an Intel chip. It looks like regular programs, including a simple JavaScript app in a browser, could read the contents of the protected kernel memory. That means apps could detect and read essential parts of an operating system, and expose personal information like user passwords.
The Register explains it best with this metaphor:
Think of the kernel as God sitting on a cloud, looking down on Earth. It’s there, and no normal being can see it, yet they can pray to it.
The planned fixes will make the kernel invisible to everyone. But this comes with an annoying side-effect, and that’s a potentially significant drop in performance:
These KPTI patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.
The downside to this separation is that it is relatively expensive, time-wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead and slows down the computer.
Your Intel-powered machine will run slower as a result.
Updates are expected in the very near future, at which point more details about the security issue should be revealed. Intel hasn’t commented on the matter, but maybe the company should address the issue, considering its implications. Read the full report on the matter at this link.