I hope Intel's Management Engine isn't running on my Macs

MacResource (https://forums.macresource.com), Forum: Tips and Deals, Thread: /showthread.php?tid=211272
I hope Intel's Management Engine isn't running on my Macs - MacJeepster - 12-04-2017

Does anyone know? Sounds like the sort of thing Apple would quash.

https://it.slashdot.org/story/17/11/30/2230208/system76-will-disable-intel-management-engine-on-its-linux-laptops

Re: I hope Intel's Management Engine isn't running on my Macs - Onamuji - 12-04-2017

FYI...

What is this thing: https://www.howtogeek.com/334013/intel-management-engine-explained-the-tiny-computer-inside-your-cpu/

Why it's bad: https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities

It's enabled on Macs. Apple has not publicly indicated any desire to disable it. Firmware updates may address some of the vulnerabilities, but whether any firmware updates have patched the recently-disclosed vulnerabilities and proof-of-concept exploits is unknown; Apple doesn't provide firmware updates for old Macs (with some of these vulnerabilities going back to 2008); and it's been revealed recently that many firmware updates are not installed with OS updates as they're supposed to be.

So, plain and simple: You are undoubtedly at some risk from IME.

...Since this stuff is almost entirely undocumented (at least for the general public), I doubt that anyone here is in a position to evaluate the extent of the risk.

Re: I hope Intel's Management Engine isn't running on my Macs - MacJeepster - 12-04-2017

Yeah, I read the Wikipedia entry; that's why I'm concerned. It sounds like the same kinda thing Apple refuses to do on the iPhone for the FBI. If so, it's probably just a matter of time before some bad guys exploit it and rob us all (if it hasn't already happened).

If this is all true, this is one more huge reason to stop putting Intel inside Macs and move over to Apple's ARM processors.
Re: I hope Intel's Management Engine isn't running on my Macs - Onamuji - 12-05-2017

MacJeepster wrote:

Intel is a massive single-source for multipurpose CPUs and they at least minimally document this stuff, if only to fulfill their government contracts. There are dozens of ARM manufacturers and many many specs with no obligation to tell us WTF they're doing. I prefer Intel.

Re: I hope Intel's Management Engine isn't running on my Macs - Winston - 12-05-2017

The Intel-SA-00086 Detection Tool is only available for Windows and Linux. No OS X version.

https://downloadcenter.intel.com/download/27150

So, if you have Windows installed on a Mac, you could run it, but OS X users are SOL.

Intel has a list of affected processor types (also on Wikipedia):

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

On Macs, the problem affects:

- Intel Core - 6th, 7th and 8th generation (6xxx-8xxx) (= Skylake and Kaby Lake i3, i5, i7)
- Intel Xeon - some models (some Mac Pros)

The list doesn't mention Core, Core Duo, Core 2 Duo or Core M processors, so older MacBooks, older MacBook Pros, and newer MacBooks, except for the mid-2017 i5/i7 MacBooks, should be OK. (Unless of course they have problems which just haven't been disclosed.)

So my 2010 Core2Duo MacBook Pro should be OK.

Per: http://osxdaily.com/2011/07/15/get-cpu-info-via-command-line-in-mac-os-x/

You can find your exact Intel processor via Terminal with this command:

    sysctl -n machdep.cpu.brand_string

Mine came back as:

    Intel® Core2 Duo CPU P8600 @ 2.40GHz

Re: I hope Intel's Management Engine isn't running on my Macs - Winston - 12-05-2017

From the Wikipedia article:

Essentially every Intel-based computer since Skylake (which was launched in August 2015), including most desktops and servers, were found to be vulnerable to having their security compromised, although all the potential routes of exploitation were not entirely known.

It is not possible to patch the problems from the operating system, and a firmware (UEFI, BIOS) update to the motherboard is required, which was anticipated to take quite some time for the many individual manufacturers to accomplish, if it ever would be for many systems.

Emphasis added. Oh joy.

And the Core m3, m5 and m7 were part of Skylake:

https://en.wikipedia.org/wiki/Skylake_(microarchitecture)#Mobile_processors

So probably should have been in the Wikipedia list of affected processors.
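The manual check described in Winston's post (read the brand string, compare it with the list) can be scripted. This is an added example, not code from the thread or from Intel or Apple; the function name `classify_cpu`, the three verdict labels and the sample brand strings are constructed for illustration, and treating "Y" model numbers such as 7Y54 as 7th generation is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: compare a CPU brand string with the
# affected-processor list quoted in Winston's post.
#   listed      Core i3/i5/i7 with a 6xxx-8xxx model number
#   review      Xeon ("some models") or Core m (absent from the list, but a
#               later post notes Core m3/m5/m7 are Skylake parts)
#   not-listed  absent from that list; this is not a statement that the
#               machine is unaffected
classify_cpu() {
    brand=$1
    case $brand in
        *Xeon*|*" m"[357]-*) echo review; return 0 ;;
    esac
    # Pull the model token after i3-/i5-/i7-, e.g. "6700HQ" or "7Y54".
    model=$(printf '%s\n' "$brand" |
        sed -n 's/.*i[357]-\([0-9][0-9A-Za-z]*\).*/\1/p')
    case $model in
        # Four-digit 6xxx-8xxx, plus low-power "Y" numbering (7Y54),
        # assumed here to count as the same generations.
        [678][0-9][0-9][0-9]*|[678]Y[0-9][0-9]*) echo listed ;;
        *) echo not-listed ;;
    esac
}

# Constructed sample strings. On a Mac, classify the real one with:
#   classify_cpu "$(sysctl -n machdep.cpu.brand_string)"
for s in \
    "Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz" \
    "Intel(R) Core(TM) i5-7Y54 CPU @ 1.20GHz" \
    "Intel(R) Core(TM) m3-7Y32 CPU @ 1.10GHz" \
    "Intel(R) Xeon(R) CPU E5-1620 v2 @ 3.70GHz" \
    "Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz" \
    "Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz"
do
    printf '%-11s %s\n' "$(classify_cpu "$s")" "$s"
done
```

A `review` verdict means the model has to be looked up in Intel's article linked in the post, since the thread gives no model-level detail for those families.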