MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,202
16,023



Along with macOS High Sierra 10.13.3, Apple this morning released two new security updates that are designed to address the Meltdown and Spectre vulnerabilities on machines that continue to run macOS Sierra and OS X El Capitan.

As outlined in Apple's security support document, Security Update 2018-001 available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 offers several mitigations for both Meltdown and Spectre, along with fixes for other security issues, and the updates should be installed immediately.


Apple addressed the Meltdown and Spectre vulnerabilities in macOS High Sierra with the release of macOS High Sierra 10.13.2, but older machines were left unprotected. Apple initially said a prior security update included fixes for the two older operating systems, but that information was later retracted.

Spectre and Meltdown are two hardware-based vulnerabilities that impact nearly all modern processors. Apple in early January confirmed that all of its Mac and iOS devices were impacted, but Meltdown mitigations were introduced ahead of when the vulnerabilities came to light in iOS 11.2 and macOS 10.13.2, and Spectre was addressed through Safari updates in iOS 11.2.2 and a macOS 10.13.2 Supplemental Update.

Spectre and Meltdown take advantage of the speculative execution mechanism of a CPU. As these use hardware-based flaws, operating system manufacturers are required to implement software workarounds. These software workarounds can impact processor performance, but according to Apple, the Meltdown fix has no measurable performance reduction across several benchmarks.

The Spectre Safari mitigations have "no measurable impact" on Speedometer and ARES-6 tests, and an impact of less than 2.5% on the JetStream benchmark.

Many PCs with Intel processors have been facing serious issues following the installation of patches with fixes for Meltdown and Spectre, but these problems do not appear to impact Apple's machines.

Article Link: Apple Addresses Meltdown and Spectre in macOS Sierra and OS X El Capitan With New Security Update
 

crazy dave

macrumors 6502
Sep 9, 2010
419
233
yay! :)
Do we know the % of Meltdown and Spectre bugs that are patched? Or is that impossible/difficult to determine?

The impression I get is that Meltdown is fully patched, but Spectre represents a new class of attacks where no one even really knows how many different kinds of attacks are possible. This patch addresses the current known ones.
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,283
5,414
I guess my iBook G4 will be left vulnerable...

Probably not. I'm not all that familiar with PPC, but I know that, for example, the ARM chips used by Raspberry Pi aren't vulnerable. The vulnerability comes from Speculative Execution, something that wastes a lot of power in the name of saving time. My understanding is Intel only started doing it in 2004, as they ran out of other ways to make the CPU run faster. I don't know that PPC started doing it earlier than Intel, but I would guess not.
 

SeaFox

macrumors 68030
Jul 22, 2003
2,583
895
Somewhere Else
Was it ever confirmed that PowerPC chips were at risk?

I'm pretty sure he was joking. You're aware how old that computer is, right?

Great, but how do you check that macOS Sierra has been patched and received this update?

The same way you check to see if you have received any other security updates? You're looking for "Security Update 2018-001".
 

Deacon-Blues

macrumors 6502a
Aug 15, 2012
587
697
California
Safari seems less snappy.

Okay not really. The estimated 2.5% hit to performance is significantly less than the early doomsday predictions we were hearing about a week ago, thankfully.
 

bobbie424242

macrumors 6502
May 16, 2015
280
358
The same way you check to see if you have received any other security updates? You're looking for "Security Update 2018-001".

Yup, should have gone to the App Store updates page before asking.
 

kemal

macrumors 68000
Dec 21, 2001
1,668
1,828
Nebraska
I thought we had the Meltdown fix for 11.6 and 12.6 on 6DEC2017?
Can we get the same for iOS 10?

It is called iOS 11. If you can't run it then you have an A6 or earlier which doesn't so much have an issue.
 

BornAgainMac

macrumors 604
Feb 4, 2004
6,823
4,162
Florida Resident
I wonder if it is necessary to patch every VM if the host OS that is supporting the VMs is patched?

For example, you may have a server in the data center running VMware running on top of Windows 2016 server. If you patch Windows 2016 server (from Microsoft's security updates), all the VMs under your VMware platform if not patched will not be an issue.
 

Iphtashu Fitz

macrumors regular
May 5, 2008
117
137
outside Boston
I wonder how reliable Apple's patches are given that Linus Torvalds has condemned the patches submitted to the Linux kernel by Intel:
the patches are COMPLETE AND UTTER GARBAGE.

And that's actually ignoring the much worse issue, namely that the whole hardware interface is literally mis-designed by morons.

Linus is never one to mince words...
 

zorinlynx

macrumors 604
May 31, 2007
6,813
11,936
Florida, USA
I wonder how reliable Apple's patches are given that Linus Torvalds has condemned the patches submitted to the linux kernel by Intel:




Linus is never one to mince words...

That's one thing I love about him. He loves Linux and he wants to make it the best system it can be. He doesn't bother with political correctness or being nice. If someone writes bad code, he lets them know, harshly. Everyone who works with him knows not to take things personally.

We need more people like that in QC and management positions at companies like Apple. Steve Jobs was much the same way.
 

joema2

macrumors 68000
Sep 3, 2013
1,616
828
Was it ever confirmed that PowerPC chips were at risk?

Very early PowerPC CPUs might not be vulnerable, but starting with the PowerPC 604 (used in the Power Mac 7600) in 1996, that CPU family used out-of-order speculative execution and branch prediction, which are the main criteria for Spectre vulnerability: https://everymac.com/systems/apple/powermac/specs/powermac_7600_120.html

If so the PowerPC 970 used in the last PowerMac G5 would also be at risk from Spectre.

The similar "Power Architecture" IBM Power8 and Power9 CPUs, also the Z14 CPU used in IBM mainframes were all singled out by Red Hat as vulnerable.

Even older RISC workstations using the MIPS R10000 or DEC Alpha 21264 CPUs might be vulnerable since they all share the same characteristics.

On the Intel side, it would seem any Intel CPU since the Pentium Pro in 1995 would be vulnerable to Spectre. That is when Intel (and most of the other CPU manufacturers) started using out-of-order speculative execution and branch prediction.
 

crazy dave

macrumors 6502
Sep 9, 2010
419
233
I thought we had the Meltdown fix for 11.6 and 12.6 on 6DEC2017?

No, this patch actually seems to be Meltdown (people thought the earlier one might be, but it wasn't) ...

However the article is slightly misleading as Spectre was actually patched in for Sierra and El Cap in Safari updates Jan 8th (11.02). The new update doesn't address Spectre.

https://support.apple.com/en-us/HT208403
 

crazy dave

macrumors 6502
Sep 9, 2010
419
233
Safari seems less snappy.

:)

Okay not really. The estimated 2.5% hit to performance is significantly less than the early doomsday predictions we were hearing about a week ago, thankfully.

The doomsday performance predictions were for Meltdown (30% on certain workloads - important for HPC/database work). The above 2.5% performance penalty is for Spectre mitigations. Unfortunately for Spectre there *might* be many, many more attacks possible than the current ones known - that's its doomsday prediction.
 

Andydigital

macrumors regular
Feb 9, 2013
171
24
My Early 2013 MacBook Pro is rebooting every 3 minutes or so, even when sat doing nothing, since installing this Sierra update. DON'T DO IT!!!!!!!!! Apple are fecking idiots.
It's literally sat with no programs running at all, everything shut down but the OS and it is rebooting after about 2 minutes.
It's even rebooting when I try to go to recovery mode or whatever it's called, well done Apple I have a huge paperweight now.

Edit: I did get this sorted eventually, it was actually my Anti Virus software (ESET Cyber Security Pro) not liking the changes made to the OS to mitigate Meltdown and Spectre. Keep reading my other posts for more info.
 