
Does anyone have an idea to what extent MacBooks are affected? Intel ME is baked into every CPU, but according to The Register [0] the AMT part is not running on Apple hardware.

[0]: https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulner...

On a 5-year-old MBAir:

    # modprobe mei_me
    # modprobe mei_txe
    # modprobe mei

    # lsmod | grep mei
    mei_me                 36864  0
    mei_txe                20480  0
    mei                    86016  2 mei_me,mei_txe

    # python2  ./intel_sa00086.py 
    INTEL-SA-00086 Detection Tool
    Copyright(C) 2017, Intel Corporation, All rights reserved
    Application Version:
    Scan date: 2017-11-23 20:37:48 GMT
    *** Host Computer Information ***
    Name: mbair
    Manufacturer: Apple Inc.
    Model: MacBookAir5,2
    Processor Name: Intel(R) Core(TM) i5-3427U CPU @ 1.80GHz
    *** Intel(R) ME Information ***
    Engine: Intel(R) Management Engine
    SVN: 0
    *** Risk Assessment ***
    Based on the analysis performed by this tool: This system is not vulnerable.

"This system is not vulnerable". Meh - one can never be sure with ME running silently in the background...

When the HW dies, I'll most probably go for a Chromebook with Coreboot - and install Debian on it. I've had it - enough with this idiocy from Intel and AMD; if they can't see how these "signed black boxes" are harming them, they deserve what's coming (open, and powerful enough architectures - i.MX8, RISC-V, etc).

These most recent vulnerabilities don't require AMT. I don't see any reports of me_cleaner being used on a Mac yet, but I'd assume they are running the same ME firmware as everything else unless there is evidence otherwise.

Most reports I've read, including the one you have just linked, state Apple hardware as unaffected by this.

Is there an official position/statement from Apple on this?

No, not yet. I went into my local Apple store and brought it up to one of the geniuses and they haven't heard anything at all about the exploit from HQ. But, I can confirm that Intel's ME is present in all Apple Macs. The physical hardware is completely unchanged according to the Apple genius bar employee.

It's unclear to me whether or not Apple uses Intel firmware for the non-AMT portions of ME. I will report back to you when I find out. However, the evidence I've seen so far isn't looking too good, and it definitely looks like the vast majority of Macs made in the last 5 years are all vulnerable, many appearing to run outdated Intel firmware to boot -- not good for Apple.

The evidence can be seen here,


where some people run a Python program to check the version of their ME firmware (which works and returns numbers completely consistent with Intel firmware numbering). I wonder if Apple just isn't aware of the hack yet?

I can confirm that on a coworker's MacBook 12,1 running ArchLinux mei-amt-check[0] reports no AMT.

I'd rather have a more thorough ME test than just AMT that I could run though, coupled with a statement from Apple that ME is or will be entirely neutered on Macs in the future.

[0] https://github.com/mjg59/mei-amt-check
