advertisement
Forums

The Forum is sponsored by 
 

AAPL stock: Click Here

You are currently viewing the Tips and Deals forum
I hope Intel's Management Engine isn't running on my Macs
Posted by: MacJeepster
Date: December 04, 2017 05:52AM
Does anyone know?
Sounds like the sort of thing Apple would quash.
[it.slashdot.org]



-mj



Edited 2 time(s). Last edit at 12/04/2017 02:30PM by MacJeepster.
Options:  Reply • Quote
Re: I home Intel's Management Engine isn't running on may Macs
Posted by: Onamuji
Date: December 04, 2017 06:53AM
FYI...

What is this thing:
[www.howtogeek.com]

Why it's bad:
[en.wikipedia.org]

It's enabled on Macs. Apple has not publicly indicated any desire to disable it.

Firmware updates may address some of the vulnerabilities, but whether any firmware updates have patched the recently-disclosed vulnerabilities and proof-of-concept exploits is unknown; Apple doesn't provide firmware updates for old Macs (with some of these vulnerabilities going back to 2008); and it's been revealed recently that many firmware updates are not installed with OS updates as they're supposed to be.

So, plain and simple: You are undoubtedly at some risk from IME.

...Since this stuff is almost entirely undocumented (at east for the general public), I doubt that anyone here is in a position to evaluate the extent of the risk.



Options:  Reply • Quote
Re: I home Intel's Management Engine isn't running on may Macs
Posted by: MacJeepster
Date: December 04, 2017 07:43AM
Yeah, I read the Wikipedia entry; that's why I'm concerned. It sounds like the same kinda thing Apple refuses to do on the iPhone for the FBI.
If so, it's probably just a matter of time before some bad guys exploit it and rob us all (if it hasn't already happened).
If this is all true, this is one more huge reason to stop putting Intel inside Macs and move over to Apple's ARM processors.



-mj
Options:  Reply • Quote
Re: I home Intel's Management Engine isn't running on may Macs
Posted by: Onamuji
Date: December 04, 2017 07:57PM
Quote
MacJeepster
If this is all true, this is one more huge reason to stop putting Intel inside Macs and move over to Apple's ARM processors.

Intel is a massive single-source for multipurpose CPUs and they at least minimally document this stuff, if only to fulfill their government contracts.

There are dozens of ARM manufacturers and many many spec's with no obligation to tell us WTF they're doing.

I prefer Intel.



Options:  Reply • Quote
Re: I hope Intel's Management Engine isn't running on my Macs
Posted by: Winston
Date: December 04, 2017 07:58PM
The Intel-SA-00086 Detection Tool is only available for Windows and Linux. No OS X version.
[downloadcenter.intel.com]

So, if you have Windows installed on a Mac, you could run it, but OS X users are SOL.

Intel has a list of affected processor types (also on Wikipedia)
[www.intel.com]

The problem affects on Macs:
- Intel Core - 6th, 7th and 8th generation (6xxx-8xxx) (= Skylake and Kaby Lake i3, i5, i7)
- Intel Xeon - some models (some Mac Pros)

The list doesn't mention Core, Core Duo, Core 2 Duo or Core M processors, so older MacBooks, older MacBook Pros, and newer MacBooks, except for the mid-2017 i5/i7 MacBooks should be OK.
(Unless of course they have problems which just haven't been disclosed.)

So my 2010 Core2Duo MacBook Pro should be OK.

Per:
[osxdaily.com]
You can find your exact Intel processor via Terminal with this command:
Quote

sysctl -n machdep.cpu.brand_string

Mine came back as:
Quote

Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz



------------------------
Be seeing you.



Edited 1 time(s). Last edit at 12/04/2017 08:19PM by Winston.
Options:  Reply • Quote
Re: I hope Intel's Management Engine isn't running on my Macs
Posted by: Winston
Date: December 04, 2017 08:17PM
From the Wikipedia article:
Quote

Essentially every Intel-based computer since Skylake (which was launched in August 2015), including most desktops and servers, were found to be vulnerable to having their security compromised, although all the potential routes of exploitation were not entirely known. It is not possible to patch the problems from the operating system, and a firmware (UEFI, BIOS) update to the motherboard is required, which was anticipated to take quite some time for the many individual manufacturers to accomplish, if it ever would be for many systems.

Emphasis added.

Oh joy.

And the Core m3, m5 and m7 were part of Skylake:
[en.wikipedia.org]
So probably should have been in the Wikipedia list of affected processors.



------------------------
Be seeing you.
Options:  Reply • Quote
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 127
Record Number of Users: 186 on February 20, 2020
Record Number of Guests: 5122 on October 03, 2020