I hope Intel's Management Engine isn't running on my Macs

[MacJeepster]

Does anyone know?
Sounds like the sort of thing Apple would quash.
https://it.slashdot.org/story/17/11/30/2...ux-laptops

[Onamuji]

FYI...

What is this thing:
https://www.howtogeek.com/334013/intel-m...-your-cpu/

Why it's bad:
https://en.wikipedia.org/wiki/Intel_Mana...rabilities

It's enabled on Macs. Apple has not publicly indicated any desire to disable it.

Firmware updates may address some of the vulnerabilities, but whether any firmware updates have patched the recently-disclosed vulnerabilities and proof-of-concept exploits is unknown; Apple doesn't provide firmware updates for old Macs (with some of these vulnerabilities going back to 2008); and it's been revealed recently that many firmware updates are not installed with OS updates as they're supposed to be.

So, plain and simple: You are undoubtedly at some risk from IME.

...Since this stuff is almost entirely undocumented (at east for the general public), I doubt that anyone here is in a position to evaluate the extent of the risk.

[MacJeepster]

Yeah, I read the Wikipedia entry; that's why I'm concerned. It sounds like the same kinda thing Apple refuses to do on the iPhone for the FBI.
If so, it's probably just a matter of time before some bad guys exploit it and rob us all (if it hasn't already happened).
If this is all true, this is one more huge reason to stop putting Intel inside Macs and move over to Apple's ARM processors.

[Onamuji]

MacJeepster wrote:
If this is all true, this is one more huge reason to stop putting Intel inside Macs and move over to Apple's ARM processors.

Intel is a massive single-source for multipurpose CPUs and they at least minimally document this stuff, if only to fulfill their government contracts.

There are dozens of ARM manufacturers and many many spec's with no obligation to tell us WTF they're doing.

I prefer Intel.

[Winston]

The Intel-SA-00086 Detection Tool is only available for Windows and Linux. No OS X version.
https://downloadcenter.intel.com/download/27150

So, if you have Windows installed on a Mac, you could run it, but OS X users are SOL.

Intel has a list of affected processor types (also on Wikipedia)
https://www.intel.com/content/www/us/en/...tware.html

The problem affects on Macs:
- Intel Core - 6th, 7th and 8th generation (6xxx-8xxx) (= Skylake and Kaby Lake i3, i5, i7)
- Intel Xeon - some models (some Mac Pros)

The list doesn't mention Core, Core Duo, Core 2 Duo or Core M processors, so older MacBooks, older MacBook Pros, and newer MacBooks, except for the mid-2017 i5/i7 MacBooks should be OK.
(Unless of course they have problems which just haven't been disclosed.)

So my 2010 Core2Duo MacBook Pro should be OK.

Per:
http://osxdaily.com/2011/07/15/get-cpu-i...-mac-os-x/
You can find your exact Intel processor via Terminal with this command:

sysctl -n machdep.cpu.brand_string

Mine came back as:

Intel® Core™2 Duo CPU P8600 @ 2.40GHz

[Winston]

From the Wikipedia article:

Essentially every Intel-based computer since Skylake (which was launched in August 2015), including most desktops and servers, were found to be vulnerable to having their security compromised, although all the potential routes of exploitation were not entirely known. It is not possible to patch the problems from the operating system, and a firmware (UEFI, BIOS) update to the motherboard is required, which was anticipated to take quite some time for the many individual manufacturers to accomplish, if it ever would be for many systems.

Emphasis added.

Oh joy.

And the Core m3, m5 and m7 were part of Skylake:
https://en.wikipedia.org/wiki/Skylake_(m...processors
So probably should have been in the Wikipedia list of affected processors.