
Darmok N Jalad

macrumors 603
Sep 26, 2017
5,426
48,343
Tanagra (not really)
If I get some time I'll do a comparative run with Cinebench.


There are no known attack methods in the wild as yet, but I would imagine someone will come up with a malicious website exploit eventually. It probably already exists, but it's not in the hands of folks who'd risk wasting it on regular Joes such as myself. :)
I'm curious what the true fallout of these vulnerabilities will be. They are proven to exist, but what is the technical difficulty of building and delivering the attack? What percentage of the market even runs a Westmere Xeon anymore? I guess if I'm a bad guy targeting users for some nefarious reason, do I go after the handful of folks still running legacy Macs that cost $300?
 

Demigod Mac

macrumors 6502a
Apr 25, 2008
839
288
All the major web browsers have been patched for the vulnerability a while ago. So the way to avoid this attack is the same as avoiding any other piece of malware: just prevent malicious code from running on your machine. Viruses, worms, trojans, drive-bys, etc. - the delivery vector hasn't changed. Update your browser and OS, have an adblock extension blocking malware domains, don't download software from questionable sources, and you should be good to go. Use NoScript if you're extremely paranoid.

The most realistic attack scenario I can think of using this vulnerability is a nation-state attacking another nation-state or large corporation, trying to peer into virtual machines running on their servers. To pull that off would require extraordinary effort, patience, funding, expertise and mistakes on the part of the target (think Stuxnet). The average malware author looking to make a quick buck off of stealing random victims' bank accounts isn't going to be interested in using this.
 

MarkC426

macrumors 68040
May 14, 2008
3,697
2,096
UK
TBH if I hadn’t read it here on the forums, I would have been oblivious and just carried on as normal....:)
Personally don’t visit any dodgy sites, all secure stuff like banking and shopping, and don’t ever visit sites I haven’t heard of.

The worst site I visit (for annoying ads) is Macrumors.......go figure.
But that’s all on my ipad.
 

bsbeamer

macrumors 601
Sep 19, 2012
4,313
2,713
I just noticed one stupid error on the Apple support article, there’s no late-2010 Mac Pro and they casually forgot the early-2009 one:

Received a note from Apple Product Security in regards to my report and Apple has FINALLY updated the list to accurately state Mac Pro mid 2010 and Mac Pro mid 2012 as unsupported models.

https://support.apple.com/en-us/HT210107


Still no clarification (from Apple) if Mac Pro 2010/2012 is truly FULLY mitigated by disabling HT, though this page (still?) would lead someone to believe that:

https://support.apple.com/en-us/HT210108
 

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
I don’t believe full mitigation is possible for the CPUs in these machines. If it could be fully mitigated I think Apple would have supported them with Catalina and enabled the mitigation by default. Instead they’ve been axed, Apple’s indirect way of saying don’t use these Macs anymore. As time goes on without any new fixes they’ll become increasingly more vulnerable.
 

bsbeamer

macrumors 601
Sep 19, 2012
4,313
2,713
I don’t believe full mitigation is possible for the CPUs in these machines. If it could be fully mitigated I think Apple would have supported them with Catalina and enabled the mitigation by default. Instead they’ve been axed, Apple’s indirect way of saying don’t use these Macs anymore. As time goes on without any new fixes they’ll become increasingly more vulnerable.

I personally agree, however it appears APPLE does not agree. The issued statements/directions from Apple for "How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities" states "FULL MITIGATION" several times on the page, which is linked from a statement that says "Learn how to enable full mitigation."

https://support.apple.com/en-us/HT210108


At best, it's confusing. At worst, it's misleading. My specific questions to Apple Product Security for clarity remain unanswered.
 

Demigod Mac

macrumors 6502a
Apr 25, 2008
839
288
The best mitigation is don't expose your Mac to malicious code. If your CPU's immunity to MDS is the deciding factor that prevents it from successfully attacking you, you're doing a lot of things wrong (and still have malicious code running on your Mac, by the way).
 

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
Thanks for sharing that article. It's very interesting and makes a lot of important points. It's just a matter of time before hackers take advantage of these vulnerabilities and researchers will uncover more vulnerabilities that the 5,1 CPUs will never be patched for.
 

tommy chen

macrumors 6502a
Oct 1, 2018
907
390
Yesterday the Technical University of Graz/Austria reported that the newest Intel CPUs, generation 10, are also vulnerable to a modified ZombieLoad!

The TU Graz had already pointed out the Meltdown and ZombieLoad errors in Intel CPUs before.

Source in German:
 
  • Like
Reactions: MisterAndrew

MarkC426

macrumors 68040
May 14, 2008
3,697
2,096
UK
Thanks for sharing that article. It's very interesting and makes a lot of important points. It's just a matter of time before hackers take advantage of these vulnerabilities and researchers will uncover more vulnerabilities that the 5,1 CPUs will never be patched for.
Presumably this is irrespective of whether Hyper-threading is on or off?
 

tsialex

Contributor
Jun 13, 2016
13,454
13,601
Correct. That is the main concern for the future of these CPUs that remain in service.
The Wired article comments only about the TSX vulnerability of x-lake generation processors.

After today’s firmware updates, in which not one Ivy-Bridge class (MP6,1 included) got the microcode updates, I’m seriously thinking that Intel made more processors obsolete quietly.

I really hope I’m wrong and maybe the microcodes are just not ready for deployment yet.
 

bsbeamer

macrumors 601
Sep 19, 2012
4,313
2,713
This is the latest tangible document I'm aware of from Intel, updated August 31, 2019:

They're "supposed" to be updating it for accuracy on an ongoing basis. Not a single Ivy Bridge has been updated since June 2019. That is also the case for the majority of CPUs, except for some Sandy Bridge.

Future-forward, Intel should at minimum declare they will issue vulnerability patches and updates for XX number of years from initial CPU release. Machines easily can last 7+ years these days, but be left in the dark without microcode updates.
 

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
Here are the microcode update files. You can watch here to see which processors are getting updates. Some of them were updated 2 days ago. These files can be used to update the Windows microcodes manually. I don't know how to use them to update macOS though.

 

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
Here's another vulnerability recently discovered in Intel chips, but it looks like it doesn't apply to the 5,1 CPUs because it requires SGX support (which also isn't supported by macOS).

Modern Intel CPUs Plagued By Plundervolt Attack

Plundervolt

"Plundervolt affects all SGX-enabled Intel Core processors from Skylake onward, meaning that Intel modern Core processors (6th-, 7th-, 8th-, 9th- and 10th-generation), as well as Intel Xeon Processor E3 v5 and v6, and Intel Xeon Processor E-2100 and E-2200 families are at risk."

It appears that the Xeon CPUs in the 6,1 and 7,1 also do not support SGX.
 
Last edited:
  • Like
Reactions: bsbeamer

MarkC426

macrumors 68040
May 14, 2008
3,697
2,096
UK
Personally I’m over this now, I might as well wear a tin hat, rather than worry about every new CPU problem that appears each week.
I went for years without even knowing of vulnerabilities before I was on these forums, and was perfectly happy and safe.
Ignorance is bliss.......... ;)
 

MarkC426

macrumors 68040
May 14, 2008
3,697
2,096
UK
Are there any Terminal whizzes here?
There must be a ‘reverse’ way to re-enable hyperthreading in terminal without a pram reset.

I don’t want to mess with the current setup by resetting.
Just a thought.
 

w1z

macrumors 6502a
Aug 20, 2013
692
481
Are there any Terminal whizzes here?
There must be a ‘reverse’ way to re-enable hyperthreading in terminal without a pram reset.

I don’t want to mess with the current setup by resetting.
Just a thought.
Execute:

Code:
sudo nvram -d SMTDisable

Enter password, then shut down and power on again.

Optional:

Remove "cwae=2" from boot-args
 

w1z

macrumors 6502a
Aug 20, 2013
692
481
Thanks mate, will give it a go....
You're welcome. You will need to have SIP disabled to re-enable HT or without SIP disabled via recovery. I can't remember if the same applies to deleting nvram variables.

Cheers

Edit: To disable HT

Code:
sudo nvram SMTDisable=%01

SIP must be disabled or partially enabled with NVRAM protection disabled. Shut down, then power on again.
 
Last edited:
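
An added example, not part of any post in this thread: a shell function that compares the `SMTDisable` and `cwae=2` NVRAM settings from the posts above with the live core counts, to show whether a change has actually taken effect or is still waiting for the shutdown and power-on. The function names, state labels and sample listings are constructed for illustration; it assumes input in the `name<TAB>value` form printed by `nvram -p`, and core counts as reported by `sysctl -n hw.physicalcpu` and `sysctl -n hw.logicalcpu`.

```shell
#!/bin/sh
# Added example (not from the thread): report Hyper-Threading state.
# Usage on a Mac (assumed inputs):
#   nvram -p | smt_report "$(sysctl -n hw.physicalcpu)" "$(sysctl -n hw.logicalcpu)"

# smt_report PHYSICAL LOGICAL  < nvram listing (name<TAB>value per line)
smt_report() {
    awk -F '\t' -v phys="$1" -v logi="$2" '
        $1 == "SMTDisable" { smt = $2 }     # %01 requests HT off
        $1 == "boot-args"  { args = $2 }
        END {
            # Look for cwae=2 as a whole boot-args token.
            n = split(args, a, " "); cwae = "absent"
            for (i = 1; i <= n; i++) if (a[i] == "cwae=2") cwae = "present"

            want_off = (smt == "%01")
            live_on  = (logi + 0 > phys + 0)  # more logical than physical cores

            if (want_off && live_on) state = "disable-pending"  # set, not yet power-cycled
            else if (want_off)       state = "ht-off"
            else if (live_on)        state = "ht-on"
            else                     state = "enable-pending-or-no-ht"
            print state, "cwae=" cwae
        }'
}

# Constructed sample listings, standing in for real `nvram -p` output.
sample_set()   { printf 'SMTDisable\t%%01\nboot-args\tcwae=2 -v\n'; }
sample_unset() { printf 'boot-args\t-v\n'; }

# Demo: variable is set but 12 logical cores are still visible on 6 physical.
sample_set | smt_report 6 12
```

A `disable-pending` result means the variable is written but the machine has not yet been shut down and powered on, which is the step both procedures above end with.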