Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MP 1,1-5,1 Mac Pro 5,1 MDS vulnerability information thread

Status
The first post of this thread is a WikiPost and can be edited by anyone with the appropiate permissions. Your edits will be public.
roobarb! said:
If I get some time I'll do a comparative run with Cinebench.


There are no known attack methods in the wild as yet, but I would imagine someone will come up with a malicious website exploit eventually. It probably already exists, but it's not in the hands of folks who'd risk wasting it on regular Joes such as myself. :)
Click to expand...
I'm curious what the true fallout of these vulnerabilities will be. They are proven to exist, but what is the technical difficulty of building and delivering the attack? What percentage of the market even runs a Westmere Xeon anymore? I guess if I'm a bad guy targeting users for some nefarious reason, do I go after the handful of folks still running legacy Macs that cost $300?
 
All the major web browsers have been patched for the vulnerability a while ago. So the way to avoid this attack is the same as avoiding any other piece of malware: just prevent malicious code from running on your machine. Viruses, worms, trojans, drive-bys, etc. - the delivery vector hasn't changed. Update your browser and OS, have an adblock extension blocking malware domains, don't download software from questionable sources, and you should be good to go. Use NoScript if you're extremely paranoid.

The most realistic attack scenario I can think of using this vulnerability is a nation-state attacking another nation-state or large corporation, trying to peer into virtual machines running on their servers. To pull that off would require extraordinary effort, patience, funding, expertise and mistakes on the part of the target (think Stuxnet). The average malware author looking to make a quick buck off of stealing random victims' bank accounts isn't going to be interested in using this.
 
  • Like
Reactions: donluca, roobarb! and Darmok N Jalad
TBH if I hadn’t read it here on the forums, I would have been oblivious and just carried on as normal....:)
Personally don’t visit any dodgy sites, all secure stuff like banking and shopping, and don’t ever visit sites I havn’t heard of.

The worst site I visit (for annoying ads) is Macrumors.......go figure.
But that’s all on my ipad.
 
tsialex said:
I just noticed one stupid error on the Apple support article, there’s no late-2010 Mac Pro and they causally forgot the early-2009 one:
View attachment 837186
Click to expand...

Received a note from Apple Product Security in regards to my report and Apple has FINALLY updated the list to accurately state Mac Pro mid 2010 and Mac Pro mid 2012 as unsupported models.

https://support.apple.com/en-us/HT210107

Screen Shot 2019-09-06 at 7.11.06 AM.png

Still no clarification (from Apple) if Mac Pro 2010/2012 is truly FULLY mitigated by disabling HT, though this page (still?) would lead someone to believe that:

https://support.apple.com/en-us/HT210108
 
  • Like
Reactions: MisterAndrew and tsialex
I don’t believe full mitigation is possible for the CPUs in these machines. If it could be fully mitigated I think Apple would have supported them with Catalina and enabled the mitigation by default. Instead they’ve been axed, Apple’s indirect way of saying don’t use these Macs anymore. As time goes on without any new fixes they’ll become increasingly more vulnerable.
 
MisterAndrew said:
I don’t believe full mitigation is possible for the CPUs in these machines. If it could be fully mitigated I think Apple would have supported them with Catalina and enabled the mitigation by default. Instead they’ve been axed, Apple’s indirect way of saying don’t use these Macs anymore. As time goes on without any new fixes they’ll become increasingly more vulnerable.
Click to expand...

I personally agree, however it appears APPLE does not agree. The issued statements/directions from Apple for "How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities" states "FULL MITIGATION" several times on the page, which is linked from a statement that says "Learn how to enable full mitigation."

https://support.apple.com/en-us/HT210108

Screen Shot 2019-09-06 at 1.47.51 PM.png
Screen Shot 2019-09-06 at 1.50.31 PM.png

At best, it's confusing. At worst, it's misleading. My specific questions to Apple Product Security for clarity remain unanswered.
 
The best mitigation is don't expose your Mac to malicious code. If your CPU's immunity to MDS is the deciding factor that prevents it from successfully attacking you, you're doing a lot of things wrong (and still have malicious code running on your Mac, by the way).
 
Thanks for sharing that article. It's very interesting and makes a lot of important points. It's just a matter of time before hackers take advantage of these vulnerabilities and researches will uncover more vulnerabilities that the 5,1 CPUs will never be patched for.
 
yesterday the technical university of graz/austria reports that the
newest intel CPU's generation 10 are also vulnerable by a modified zombieload!

the TU graz had already pointed out the meltdown and zombieload errors in intel CPU's before

source in german:
futurezone.at

ZombieLoad: Intel-Prozessoren erneut gefährdet

Ein Forscherteam der TU Graz hat eine Variante der Angriffsmethode ZombieLoad bei Intel-Prozessoren der zehnten Generation enthüllt.
futurezone.at futurezone.at
 
  • Like
Reactions: MisterAndrew
MisterAndrew said:
Thanks for sharing that article. It's very interesting and makes a lot of important points. It's just a matter of time before hackers take advantage of these vulnerabilities and researches will uncover more vulnerabilities that the 5,1 CPUs will never be patched for.
Click to expand...
Presumably this is irrespective if Hyper-threading is on or off?
 
bsbeamer said:
Correct. That is the main concern for the future of these CPUs that remain in service.
Click to expand...
The Wired article comments only about the TSX vulnerability of x-lake generation processors.

After today’s firmware updates that not one Ivy-Bridge class (MP6,1 included) got the microcode updates, I’m seriously thinking that Intel made more processors obsolete quietly.

I really hope I’m wrong and maybe the microcodes are just not ready for deployment yet.
 
This is the latest tangible document I'm aware of from Intel, updated August 31, 2019:

They're "supposed" to be updating it for accuracy on an ongoing basis. Not a single Ivy Bridge has been updated since June 2019. That is also the case for the majority of CPUs, except for some Sandy Bridge.

Future-forward, Intel should at minimum declare they will issue vulnerability patches and updates for XX number of years from initial CPU release. Machines easily can last 7+ years these days, but be left in the dark without microcode updates.
 
Here are the microcode update files. You can watch here to see which processors are getting updates. Some of them were updated 2 days ago. These files can be used to update the Windows microcodes manually. I don't know how to use them to update macOS though.

github.com

GitHub - intel/Intel-Linux-Processor-Microcode-Data-Files

Contribute to intel/Intel-Linux-Processor-Microcode-Data-Files development by creating an account on GitHub.
github.com github.com
 
Here's another vulnerability recently discovered in Intel chips, but it looks like it doesn't apply to the 5,1 CPUs because it requires SGX support (which also isn't supported by macOS).

Modern Intel CPUs Plagued By Plundervolt Attack

Plundervolt

"Plundervolt affects all SGX-enabled Intel Core processors from Skylake onward, meaning that Intel modern Core processors (6th-, 7th-, 8th-, 9th- and 10th-generation), as well as Intel Xeon Processor E3 v5 and v6, and Intel Xeon Processor E-2100 and E-2200 families are at risk."

It appears that the Xeon CPUs in the 6,1 and 7,1 also do not support SGX.
 
Last edited:
  • Like
Reactions: bsbeamer
Personally I‘m over this now, I might as well wear a tin hat, rather than worry about every new cpu problem that appears each week.
I went for years without even knowing of vulnerabilities before I was on these forums, and was perfectly happy and safe.
Ignorance is bliss.......... ;)
 
Are there any Terminal wizz’s here.
There must be a ‘reverse’ way to re-enable hyperthreading in terminal without a pram reset.

I don’t want to mess with the current setup by resetting.
Just a thought.
 
MarkC426 said:
Are there any Terminal wizz’s here.
There must be a ‘reverse’ way to re-enable hyperthreading in terminal without a pram reset.

I don’t want to mess with the current setup by resetting.
Just a thought.
Click to expand...
Execute:

Code: 
sudo nvram -d SMTDisable

Enter password then shutdown and power on again.

Optional:

Remove "cwae=2" from boot-args
 
MarkC426 said:
Thanks mate, will give it a go....
Click to expand...
You're welcome. You will need to have SIP disabled to re-enable HT or without SIP disabled via recovery. I can't remember if the same applies to deleting nvram variables.

Cheers

Edit: To disable HT

Code: 
sudo nvram SMTDisable=%01

SIP must be disabled or partially enabled with NVRAM protection disabled. Shutdown then power on again.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back