Tag Archives: Firefox

macOS Monterey Memory Leak : Solutions You Can Try!

macOS Monterey continues to be plagued by an insidious memory leak problem that Apple does not seem able to fix.

So here are a few workarounds that you can try!

 

macOS Monterey Memory Leak : What’s Going On?

Ever since it was released on 25 October 2021, macOS Monterey has been plaguing users with an insidious memory leak problem.

And even as Christmas approaches, Apple is still unable to fix the problem. Here is what we know so far…

It Gobbles Up Insane Amounts Of Memory

The memory leak quietly eats up insane amounts of memory, creeping up on users without warning.

A single affected app like Firefox can gobble up almost 80 GB of memory. Even a critical macOS process like WindowServer can end up using 24 GB of memory, while the Mail app can use more than 100 GB of memory!

Unless you have been keeping an eye on memory usage, you will only realise this is happening when you get the warning that “Your system has run out of application memory” with a request to Force Quit apps you are not using.

It Appears To Be An OS Issue

This Monterey memory leak affects many different apps with no obvious culprit in sight :

  • Internet browsers like Firefox and Safari
  • Apps like Tweetbot and Final Cut Pro
  • macOS features like Control Center, Mail and Finder
  • macOS processes like WindowsServer

That strongly suggests that it is an operating system issue, and not a bug in any particular app.

It Affects Intel + Apple Silicon Models

This Monterey memory leak problem is not platform-specific, and affects both Intel and Apple Silicon models.

So you are not going to be able to “escape” this memory leak problem by upgrading to the new M1 Pro / Max-powered MacBook Pro laptops.

 

macOS Monterey Memory Leak : Possible Solutions

Unfortunately, Apple still does not seem to be able to plug this insidious macOS Monterey memory leak. So here are some solutions that may work for you…

Revert To Standard Mouse Pointer

One of the new features macOS Monterey is the ability to change the mouse pointer’s size, as well as its outline and fill colours.

However, the developers at Mozilla discovered that using a non-standard mouse pointer in macOS Monterey causes a large memory leak!

This memory leak is not limited to Firefox, but occurs anytime the non-standard mouse pointer changes its look, like when you mouse over a button or a text field.

To fix this, you will need to revert to a standard mouse pointer, and here’s how to do that :

Step 1 : Go to Settings and select Accessibility.

Step 2 : Tap on the Display option, and select the Pointer tab.

Step 3 : Move the Pointer size all the way to the left (Normal).

Step 4 : Click on the Reset button to the right of Pointer outline colour and Pointer fill colour.

Step 5 : Restart your Mac, and fingers crossed – this fixes your Monterey memory leak problem!

Relaunch Finder

If you notice Finder using a prodigious amount of memory, that memory leak happens when you use the Find (⌘ F) feature in to search for files.

The easiest way to prevent this memory leak is to avoid using Finder’s Find feature. Try using the Search option on the upper right corner.

But once you get a Finder memory leak, you must relaunch it to release the leaked memory…

Option A : While in the Finder window, click on the Apple menu. Then press and hold the Shift key and click on Force Quit Finder.

Option B : Click on the Apple menu. Click Force Quit (Command + Option + Escape). Then select Finder and click on Relaunch.

Limit Use Of Control Center

Some users have reported that the Control Center can use upwards of 20GB of RAM, but most users fortunately do not encounter such terrible waste of memory.

This memory leak is easily reproducible – every time you use a control, it uses a little more RAM but does not release it.

Unfortunately, there is no way to release the leaked memory short of restarting the computer. So the best way to avoid this memory leak is to limit the use of Control Center.

Restart Apps Whenever Memory Use Is Too Much

Well, this seems obvious, but I have to throw it in anyway.

If any app, whether it’s Safari or Final Cut Pro starts using way too much memory, just close and reopen it. That should quickly recover the leaked memory.

Of course, this is only a stopgap solution until Apple releases a fix for this truly pesky memory problem in macOS Monterey…

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Software | Computer | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Everything On The Meltdown + Spectre CPU Flaws! Rev. 3.0

The Meltdown and Spectre CPU flaws that the Google Project Zero team discovered are arguably the worst we have ever known. These vulnerabilities were built into BILLIONS of CPUs that we have been using for the last decade or so.

Not just Intel CPUs, but also CPUs made by AMD, Apple and ARM. Even those that power our smartphones and other smart devices!

Let’s take a look at what we know so far about Meltdown and Spectre, how they affect you, and what we can do about them.

This story is still developing. We will update the article as and when new details emerge. Be sure to check back and refresh the page for the latest information!

 

Article Update History

Click here for the Article Update History

2018-02-17 : Updated the table of CPUs vulnerable to Meltdown and Spectre. Updated four sections with new information.

2018-02-05 : Added a table of CPUs vulnerable to Meltdown and Spectre. Updated three sections with new information.

2018-01-25 : Revamped the entire article. Added a new section on the difference between Meltdown and Spectre, and a new section on InSpectre. Updated the list of vulnerable processors, mitigation efforts by Microsoft and Apple, as well as the Intel spontaneous reboot issues with their Spectre 2 patches.

2018-01-16 : Updated the list of vulnerable processors, and added a new section on Intel CPUs spontaneously rebooting after applying Meltdown and Spectre patches. Also added cautionary advice on holding off these updates.

2018-01-12 : Updated the article with the AMD confirmation that their processors are vulnerable to both Spectre exploits. Also added details on the Google Retpoline mitigation technique against Spectre attacks.

2018-01-11 : Added new sections on the performance impact of the Meltdown and Spectre mitigation patches, and reports of those patches bricking some AMD PCs. Also expanded the list of affected CPUs, and corrected information on the Intel-SA-00086 Detection Tool.

Between 2018-01-09 and 2018-01-10 : Numerous updates including details of patches and affected CPUs.

Originally posted @ 2018-01-09

 

The Meltdown + Spectre Vulnerabilities

  • The Project Zero team identified these vulnerabilities in 2017, reporting it to Intel, AMD and ARM on 1 June 2017.
  • These vulnerabilities take advantage of the Speculative Execution and Branch Prediction features of the modern processor, that have been used for many years to improve performance.
  • Speculative Execution lets the CPU predict and pre-execute the next instruction, allowing it to “instantly” deliver the results if it’s correct.
  • Branch Prediction helps the CPU predict future execution paths that should be speculatively-executed for better performance.
  • There are THREE (3) variants of the speculative execution CPU bug :
    • Variant 1 : Bounds Check Bypass (CVE-2017-5753)
    • Variant 2 : Branch Target Injection (CVE-2017-5715)
    • Variant 3 : Rogue Data Cache Load (CVE-2017-5754)
  • The Spectre attack (whitepaper) exploits variants 1 and 2.
  • The Meltdown attack (whitepaper) exploits variant 3.
  • There is a Variant 3a, which appears to affect only certain ARM processors.

 

What’s The Difference Between Meltdown & Spectre?

  • Spectre tricks the CPU branch predictor into mis-predicting the wrong path, thereby speculatively executing code that would not otherwise be executed.
  • Meltdown takes advantage of the out-of-order execution capability of modern processors, tricking them into executing malicious code that would normally not be allowed.
  • The Spectre name is based on both the root cause – speculative execution, and the fact that it is not easy to fix, and will haunt us for a long time like a spectre (ghost).
  • The Meltdown name was chosen because the vulnerability “basically melts security boundaries which are normally enforced by the hardware“.

 

How Bad Are Meltdown & Spectre?

  • The Spectre exploits let an attacker access and copy information from the memory space used by other applications.
  • The Meltdown exploit lets an attacker copy the entire physical memory of the computer.
  • Unless patched, the affected processors are vulnerable to malware and cyberattacks that exploits this CPU bug to steal critical information from running apps (like login and credit card information, emails, photos, documents, etc.)
  • While the Meltdown exploit can be “fixed”, it is likely that the Spectre exploit cannot be fixed, only mitigated, without a redesign of the processors. That means we will have to live with the risks of a Spectre attack for many more years to come.

 

How Many Processors Are Affected? Updated!

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

Company Spectre 1 Spectre 2 Meltdown
AMD 295 Server CPUs
42 Workstation CPUs
396 Desktop CPUs
208 Mobile CPUs
295 Server CPUs
42 Workstation CPUs
396 Desktop CPUs
208 Mobile CPUs
None
Apple 13 Mobile SoCs 13 Mobile SoCs 13 Mobile SoCs
ARM 10 Mobile CPUs
3 Server SoCs
10 Mobile CPUs
3 Server SoCs
4 Mobile CPUs
3 Server SoCs
IBM 10 POWER CPUs 10 POWER CPUs 10 POWER CPUs
Intel 732 Server / Workstation CPUs
443 Desktop CPUs
583 Mobile CPUs
51 Mobile SoCs
732 Server / Workstation CPUs
443 Desktop CPUs
583 Mobile CPUs
51 Mobile SoCs
732 Server / Workstation CPUs
443 Desktop CPUs
583 Mobile CPUs
51 Mobile SoCs

Total

2786 CPUs 2786 CPUs 1839 CPUs

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

 

Intel Detection Tool?

The Intel-SA-00086 Detection Tool does NOT detect the processor’s susceptibility to these vulnerabilities. It only checks for different vulnerabilities affecting the Intel Management Engine.

 

InSpectre

Our reader Arthur shared that the Gibson Research Corporation has an aptly-named utility called InSpectre.

It checks for Meltdown and Spectre hardware and software vulnerabilities in a Windows system. It will help you check if your system is getting patched properly against these vulnerabilities.

 

What Is Being Done??? Updated!

Note : The terms “mitigate” and “mitigation” mean the possibility of a successfully attacked are reduced, not eliminated.

  • Intel has started issuing software and firmware updates for the processors introduced in the last 5 years. By the middle of January 2018, Intel expects to have issued updates for more than 90% of those CPUs. However, that does not address the other Intel processors sold between 2010 and 2012.
  • Microsoft and Linux have started to roll our the KPTI (Kernel Page Table Isolation) patch, also known as the KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) patch.
  • The KPTI or KAISER patch, however, will only protect against the Meltdown exploit. It has no effect on a Spectre attack.
  • Microsoft Edge and Internet Explorer 11 received the KB4056890 security update on 3 January 2018, to prevent a Meltdown attack.
  • Firefox 57 includes changes to mitigate against both attacks.
  • Google Chrome 64 will be released on 23 January 2018, with mitigations against Meltdown and Spectre attacks.
  • For Mac systems, Apple introduced mitigations against Spectre in macOS 10.13.2 (released on 8 January 2018), with more fixes coming in macOS 10.13.3.
  • For iOS devices, Apple introduced mitigations against Meltdown in iOS 11.2 and tvOS 11.2.
  • On 8 January 2018, Apple released iOS 11.2.2, which mitigates the risk of the two Spectre exploits in Safari and WebKit, for iPhone 5s, iPad Air, and iPod touch 6th generation or later.
  • ARM has made available the KPTI / KAISER kernel patches for Linux, while Google will provide them for Android.
  • Google patched Android against both exploits with the December 2017 and January 2018 patches.
  • Google shared details of their Return Rrampoline (Retpoline) binary modification technique that can be used to protect against Spectre attacks. It is a software construct that ensures that any associated speculative execution will “bounce” (as if on a trampoline) endlessly.
  • NVIDIA issued six driver and security updates for affected devices and software between 3-9 January 2018.
  • On 11 January 2018, AMD announced that the “majority of AMD systems” have received the mitigation patches against Spectre 1, albeit some older AMD systems got bricked by bad patches. They also announced that they will make “optional” microcode updates available for Ryzen and EPYC processors by the same week.
  • In the same 11 January 2018 disclosure, AMD also shared that Linux vendors have started to roll out OS patches for both Spectre exploits, and they’re working on the “return trampoline (Retpoline)” software mitigations as well.[adrotate group=”2″]
  • On 23 January 2018, Apple released Meltdown patches for macOS Sierra and OS X El Capitan, but not macOS High Sierra.
  • On 23 January 2018, Microsoft finally revealed their Spectre and Meltdown patch schedule.
  • On 24 January 2018, AMD revealed their 11 software mitigations for both Spectre exploits.
  • The 24 January 2018 AMD whitepaper also revealed that the AMD K10 and K8 processors are vulnerable as well, adding an additional 663 CPU models to the list of vulnerable processors.
  • On 2 February 2018, Microsoft released KB4078130 to disable the Spectre 2 patches that were causing many Intel systems to randomly and spontaneously reboot.
  • On 8 February 2018, an Intel microcode update schedule revealed that their Penryn-based processors are also vulnerable, adding an additional 314 CPU models to the list of vulnerable processors.
  • On 14 February 2018, Intel revealed an expanded Bug Bounty Program, offering up to $250,000 in bounty awards.

 

Some AMD PCs Got Bricked

In the rush to mitigate against Meltdown and Spectre, Microsoft released Windows 10 patches that bricked some AMD PCs. They blamed the incorrect / incomplete documentation provided by AMD.

You can read more about this issue @ These Windows 10 Updates Are Bricking AMD PCs!

 

Buggy Intel Spectre 2 Patches Updated!

Intel’s rush to patch Meltdown and Spectre resulted in buggy microcode patches, causing several generations of their CPUs to randomly and spontaneously reboot.

So far, over 800 Intel CPU models have been identified to be affected by these spontaneous reboot issues. If you have one of the affected CPUs, please hold off BIOS / firmware updates!

Intel has identified the cause as the Spectre 2 patches in their microcode updates for some of these processors. They’re still investigating the cause of the other affected CPU models.

Fortunately for Windows users, Microsoft issued the KB4078130 emergency update to stop the reboots while Intel worked to fix the issue.

You can read more about this issue @ The Intel Spectre Reboot Issue, and the Microsoft solution @ KB4078130 : Emergency Windows Update To Disable Intel Spectre Patches!

 

What Should You Do? Updated!

First and foremost – DO NOT PANIC. There is no known threat or attack using these exploits.

Although we listed a number of important patches below, the buggy updates are worse than the potential threat they try to fix. So we advise HOLDING OFF these patches, and wait for properly-tested versions a few weeks down the line.

  • If you are using Windows, make sure you install the latest Microsoft Spectre and Meltdown updates.
  • If you are using a Mac system, get the latest Apple Spectre and Meltdown patches.
  • If you are using an iOS device, get updated to iOS 11.2 or tvOS 11.2.
  • If you are using Firefox, update to the latest Firefox 57.
  • If you are using Google Chrome, make sure you watch out for Chrome 64, which will be released on 23 January.
  • Download and install the latest software firmware updates from your PC, laptop, motherboard brands. In particular, install the latest driver for the Intel Management Engine (Intel ME), the Intel Trusted Execution Engine (Intel TXE), and the Intel Server Platform Services (SPS)
  • If you are running an ARM processor on Linux, grab the kernel patches.
  • IBM POWER system users can download and install these firmware updates.
  • Users of affected NVIDIA systems can download and install these driver and firmware updates.
  • If you are using an Intel system, hold off updating your firmware, unless you have already verified that your CPU is not affected by the buggy Intel patches, or Intel has already issued corrected patches.

 

The Performance Impact Of The Mitigation Patches

Many benchmarks have been released, showing performance impacts of between 5% to 30%, depending on the type of benchmark and workload. Microsoft has called those benchmark results into question, stating that they did not cover both operating system and silicon microcode patches.

They released an initial report on their findings, which we have summarised in our article – Pre-2016 Intel CPUs Hit Worst By Meltdown + Spectre Fix.

 

Meltdown + Spectre Reading Suggestions

[adrotate group=”2″]

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!