Apple Addresses Meltdown and Spectre in macOS Sierra and OS X El Capitan With New Security Update

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 23, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Along with macOS High Sierra 10.13.3, Apple this morning released two new security updates that are designed to address the Meltdown and Spectre vulnerabilities on machines that continue to run macOS Sierra and OS X El Capitan.

    As outlined in Apple's security support document, Security Update 2018-001 available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 offers several mitigations for both Meltdown and Spectre, along with fixes for other security issues, and the updates should be installed immediately.


    Apple addressed the Meltdown and Spectre vulnerabilities in macOS High Sierra with the release of macOS High Sierra 10.13.2, but older machines were left unprotected. Apple initially said a prior security update included fixes for the two older operating systems, but that information was later retracted.

    Spectre and Meltdown are two hardware-based vulnerabilities that impact nearly all modern processors. Apple in early January confirmed that all of its Mac and iOS devices were impacted, but Meltdown mitigations were introduced ahead of when the vulnerabilities came to light in iOS 11.2 and macOS 10.13.2, and Spectre was addressed through Safari updates in iOS 11.2.2 and a macOS 10.13.2 Supplemental Update.

    Spectre and Meltdown take advantage of the speculative execution mechanism of a CPU. As these use hardware-based flaws, operating system manufacturers are required to implement software workarounds. These software workarounds can impact processor performance, but according to Apple, the Meltdown fix has no measurable performance reduction across several benchmarks.

    The Spectre Safari mitigations have "no measurable impact" on Speedometer and ARES-6 tests, and an impact of less than 2.5% on the JetStream benchmark.

    Many PCs with Intel processors have been facing serious issues following the installation of patches with fixes for Meltdown and Spectre, but these problems do not appear to impact Apple's machines.

     
  2. vicviper789 macrumors regular

    Joined:
    Jun 5, 2013
    #2
    I guess my iBook G4 will be left vulnerable...
     
  3. nexu macrumors member

    Joined:
    Feb 24, 2017
  4. Sasparilla macrumors 65816

    Joined:
    Jul 6, 2012
  5. nutmac macrumors 68040

    Joined:
    Mar 30, 2004
    #5
    Do we know the % of Meltdown and Spectre bugs that are patched? Or is that impossible/difficult to determine?
     
  6. crazy dave macrumors regular

    Joined:
    Sep 9, 2010
    #6
    yay! :)
    --- Post Merged, Jan 23, 2018 ---
    The impression I get is that Meltdown is fully patched, but Spectre represents a new class of attacks where no one even really knows how many different kinds of attacks are possible. This patch addresses the current known ones.
     
  7. brendu macrumors 68020

    Joined:
    Apr 23, 2009
    Location:
    USA
    #7
    Was it ever confirmed that PowerPC chips were at risk?
     
  8. Paddle1 macrumors 68040

    Joined:
    May 1, 2013
    #8
    How about iOS 9 or iOS 10? Lots of devices stuck there.
     
  9. cb3 macrumors member

    Joined:
    Jun 5, 2017
    Location:
    Texas
    #9
    Apple:
    Please patch older Mac OS's as well. Thank you.
     
  10. ArtOfWarfare macrumors G3

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #10
    Probably not. I'm not all that familiar with PPC, but I know that, for example, the ARM chips used by Raspberry Pi aren't vulnerable. The vulnerability comes from Speculative Execution, something that wastes a lot of power in the name of saving time. My understanding is Intel only started doing it in 2004, as they ran out of other ways to make the CPU run faster. I don't know that PPC started doing it earlier than Intel, but I would guess not.
     
  11. bobbie424242 macrumors regular

    Joined:
    May 16, 2015
    #11
    Great, but how do you check that macOS Sierra has been patched and received this update?
     
  12. SeaFox macrumors 68030

    SeaFox

    Joined:
    Jul 22, 2003
    Location:
    Somewhere Else
    #12
    I'm pretty sure he was joking. You're aware how old that computer is, right?

    The same way you check to see if you have received any other security updates? You're looking for "Security Update 2018-001".
     
  13. Deacon-Blues macrumors 6502a

    Deacon-Blues

    Joined:
    Aug 15, 2012
    Location:
    California
    #13
    Safari seems less snappy.

    Okay not really. The estimated 2.5% hit to performance is significantly less than the early doomsday predictions we were hearing about a week ago, thankfully.
     
  14. bobbie424242, Jan 23, 2018
    Last edited: Jan 23, 2018

    bobbie424242 macrumors regular

    Joined:
    May 16, 2015
    #14
    Yup, should have gone to the App Store updates page before asking.
     
  15. FilipeTeixeira macrumors member

    Joined:
    Mar 10, 2013
    #15
    Yet. I would wait a tiny bit longer.
     
  16. kemal macrumors 65816

    kemal

    Joined:
    Dec 21, 2001
    Location:
    Nebraska
    #16
    I thought we had the Meltdown fix for 11.6 and 12.6 on 6DEC2017?
    --- Post Merged, Jan 23, 2018 ---
    It is called iOS 11. If you can't run it then you have an A6 or earlier which doesn't so much have an issue.
     
  17. BornAgainMac macrumors 603

    BornAgainMac

    Joined:
    Feb 4, 2004
    Location:
    Florida Resident
    #17
    I wonder if it is necessary to patch every VM if the host OS that is supporting the VMs is patched?

    For example, you may have a server in the data center running VMware running on top of Windows 2016 server. If you patch Windows 2016 server (from Microsoft's security updates), all the VMs under your VMware platform if not patched will not be an issue.
     
  18. Iphtashu Fitz macrumors regular

    Joined:
    May 5, 2008
    Location:
    outside Boston
    #18
    I wonder how reliable Apple's patches are given that Linus Torvalds has condemned the patches submitted to the Linux kernel by Intel:
    Linus is never one to mince words...
     
  19. zorinlynx macrumors 603

    zorinlynx

    Joined:
    May 31, 2007
    Location:
    Florida, USA
    #19
    That's one thing I love about him. He loves Linux and he wants to make it the best system it can be. He doesn't bother with political correctness or being nice. If someone writes bad code, he lets them know, harshly. Everyone who works with him knows not to take things personally.

    We need more people like that in QC and management positions at companies like Apple. Steve Jobs was much the same way.
     
  20. joema2 macrumors 68000

    joema2

    Joined:
    Sep 3, 2013
    #20
    Very early PowerPC CPUs might not be vulnerable, but starting with the PowerPC 604 (used in the Power Mac 7600) in 1996, that CPU family used out-of-order speculative execution and branch prediction, which are the main criteria for Spectre vulnerability: https://everymac.com/systems/apple/powermac/specs/powermac_7600_120.html

    If so the PowerPC 970 used in the last PowerMac G5 would also be at risk from Spectre.

    The similar "Power Architecture" IBM Power8 and Power9 CPUs, also the Z14 CPU used in IBM mainframes were all singled out by Red Hat as vulnerable.

    Even older RISC workstations using the MIPS R10000 or DEC Alpha 21264 CPUs might be vulnerable since they all share the same characteristics.

    On the Intel side, it would seem any Intel CPU since the Pentium Pro in 1995 would be vulnerable to Spectre. That is when Intel (and most of the other CPU manufacturers) started using out-of-order speculative execution and branch prediction.
     
  21. crazy dave, Jan 23, 2018
    Last edited: Jan 23, 2018

    crazy dave macrumors regular

    Joined:
    Sep 9, 2010
    #21
    No, this patch actually seems to be for Meltdown (people thought the earlier one might be, but it wasn't) ...

    However the article is slightly misleading as Spectre was actually patched in for Sierra and El Cap in Safari updates Jan 8th (11.02). The new update doesn't address Spectre.

    https://support.apple.com/en-us/HT208403
     
  22. reggierob2 macrumors newbie

    Joined:
    Feb 25, 2009
    #22
    Did the G4 even have branch prediction? (Is it even susceptible to Spectre/Meltdown?) :) (Actually, branch prediction was not a new thing by the time the G4 came around.)
     
  23. crazy dave macrumors regular

    Joined:
    Sep 9, 2010
    #23
    :)

    The doomsday performance predictions were for Meltdown (30% on certain workloads - important for HPC/database work). The above 2.5% performance penalty is for Spectre mitigations. Unfortunately for Spectre there *might* be many, many more attacks possible than the current ones known - that's its doomsday prediction.
     
  24. Andydigital, Jan 23, 2018
    Last edited: Jan 25, 2018

    Andydigital macrumors regular

    Andydigital

    Joined:
    Feb 9, 2013
    #24
    My Early 2013 MacBook Pro is rebooting every 3 minutes or so, even when sat doing nothing, since installing this Sierra update. DON'T DO IT!!!!!!!!! Apple are fecking idiots.
    --- Post Merged, Jan 23, 2018 ---
    It's literally sat with no programs running at all, everything shut down but the OS and it is rebooting after about 2 minutes.
    --- Post Merged, Jan 23, 2018 ---
    It's even rebooting when I try to go to recovery mode or whatever it's called, well done Apple I have a huge paperweight now.

    Edit: I did get this sorted eventually, it was actually my Anti Virus software (ESET Cyber Security Pro) not liking the changes made to the OS to mitigate Meltdown and Spectre. Keep reading my other posts for more info.
     
  25. bsolar macrumors 6502a

    Joined:
    Jun 20, 2011
    #25
