Do the chips in 2018 Macbook Pros have fixes for Spectre and Meltdown?

Intel announced via press release that the patched CPUs will be integrated into their hardware in the 8th generation chips shipping the second half of 2018:

These changes will begin with our next-generation Intel® Xeon® Scalable processors (code-named Cascade Lake) as well as 8th Generation Intel® Core™ processors expected to ship in the second half of 2018.

Anything manufactured prior to 2H 2018 will be updated via microcode software patch:

First, we have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities

Which Chips?

The three new chips that were released in Q3 2018 are (all mobile):

  • Kaby Lake G (9706G)
  • Whiskey Lake (8565U)
  • Amber Lake (8500Y)

Whiskey Lake is the only CPU line to have the actual fixes in hardware where as Amber Lake and Kaby Lake G are both "Kaby Lake" based CPUs.

The situation with Amber Lake is a little different. Intel confirmed to us that Amber Lake is still Kaby Lake – including being built on the 14+ process node – making it identical to Kaby Lake Refresh as far as the CPU die is concerned. In essence, these parts are binned to go within the 5W TDP at base frequency. But as a result, Amber Lake shares the same situation as Kaby Lake Refresh: all side channel attacks and mitigations are done in firmware and operating system fixes. Nothing in Amber Lake is protected against in hardware.

Emphasis Mine

Bottom line, unless you're running a Whiskey Lake CPU, mitigations are still done in the OS and in firmware microcode.


Get Your CPU Identifier

To find which CPU your system currently configured with, issue this command:

$ sysctl -n machdep.cpu.brand_string

It will output something similar to the following:

Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz

Fixing all timing side-channel attacks on systems which use aggressive speculation is still a research topic. But there are reportedly fixes in Intel processor microcode (some in cooperation with some OS fixes) which make some of these side-channel attacks more difficult and/or slower.