Interesting, thanks! Still would be nice to get official confirmation from Apple on Sierra/El Cap.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Confirms 'Meltdown' and 'Spectre' Vulnerabilities Impact All Macs and iOS Devices, Some Fixes Already Released [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Interesting, thanks! Still would be nice to get official confirmation from Apple on Sierra/El Cap.
You probably meant "Anything beyond El Capitan is EOL."
That would be great since it is not possible to update the MacOS past El Capitan in many computers which are still functioning. Apple has not come out with an update to the Mac Pro except for machines that contain electronics which are already 4+ years old.
No ARM said some of their chips *might* be vulnerable and custom chips like Apple's, Samsung's, etc ... could've also implemented the same vulnerability in hardware. Still a little odd, but not out of left field.
Having said that, the fix is unlikely to impact standard iOS workloads.
ARM has said that some of its designs may be vulnerable
https://arstechnica.com/gadgets/201...odern-processor-has-unfixable-security-flaws/
That's a better link ...
Guess I'm busting back out my 486SX20 (without the math coprocessor), and dropping back to 32bit Linux and Windows 3.1.
Doom, Duke Nukem, and Leisure Suit Larry, here I come!
BL.
The fixes were indeed backported to Sierra and El Capitain in the Security update.
That's damned curious... Meltdown is Intel specific. Why do they need to patch iOS and tvOS for an Intel specific bug?
Actually meltdown isn't truly Intel specific (see posts 28 and 29)
Those just happen to be the biggest 3, but you can pretty much bet that any CPU that uses speculative execution logic is vulnerable.
Where are the Apple cheerleaders who were chastising Intel for this hardware flaw?
It's pretty clear Apple processors are affected as well. Where's chastising now for Apple?
It's pretty clear Apple processors are affected as well. Where's chastising now for Apple?
I read that Spectre was a problem related to the x86-64 spec, meaning that all 64bit processors would be affected. so AMD would also have the problem.. I believe that is what the original article said at The Register.
BL.
Guess I'm busting back out my 486SX20 (without the math coprocessor), and dropping back to 32bit Linux and Windows 3.1.
Doom, Duke Nukem, and Leisure Suit Larry, here I come!
BL.
Lol, am wondering how much the latest xbox and ps4 consoles will take a performance hit if they decide to patch those
Apple doesn't make its own processors. It hasn't for a while. They migrated all of that over to Intel, which is where the primary source of the problem is.
If we're talking companies now, nearly all Cloud services are impacted as well. Amazon S2, AWS, Google, Azure, etc. This is bigger than just one company.
BL.
January 9 was the agreed-upon date for all parties involved to publicly talk about it, but news of it leaked early.
apple designs plenty of their own processors for manufacturing for companies such as samsung and TSMC to make.
just one example.
https://en.wikipedia.org/wiki/Apple_A9
And I still have to laugh at the name of the patch for Linux. You can't tell they aren't pissed off.
BL.
What was it?
While both Spectre and Meltdown are related to speculative execution, the important distinction is that Meltdown is relatively easy to exploit and read all of the memory. Spectre is difficult to exploit and specifically is very timing dependent. Spectre is also extremely difficult - if not impossible - to patch.
EDIT: I'm wrong.
Last edited:
Meltdown is not Intel specific.
Anything that uses KPTI is potentially vulnerable.
Apple has just confirmed its processors are vulnerable but now patched.
https://support.apple.com/en-us/HT208394
"Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation."
I've read articles about Spectre being hard to patch and may require new hardware design to completely mitigate. And difficult to exploit.
No they're referring to Meltdown.
Meltdown
"The researchers say they haven't been able to perform the same kind of kernel memory-based speculation on AMD or ARM processors, though they hold out some hope that some way of using this speculation offensively will be developed. While AMD has stated specifically that its chips don't speculate around kernel addresses in this way, ARM has said that some of its designs may be vulnerable, and ARM employees have contributed patches to Linux to protect against Meltdown."
https://arstechnica.com/gadgets/201...odern-processor-has-unfixable-security-flaws/
https://developer.arm.com/support/security-update
========================
And it seems Apple implemented hardware vulnerable to it as well. It may not be vulnerable in the same way, but they still felt it necessary to issue patches because it could still be vulnerable.
https://support.apple.com/en-us/HT208394
Everything I have read has stated that Meltdown is thought to only impact Intel chips as it is the only platform they've been able to observe the possible exploit on so far. That doesn't automatically give other processors a clean bill of health. All these processors do speculative processing, and Apple very well could have R&Ded (ripped of and duplicated) Intel's implementation for their custom A-series chips. Or there could be another avenue not yet discovered that is vulnerable to a similar attack.
Huh?
I'm talking about Apple application processors like A10. Those processors are affected by Meltdown.
Do they conform to the x86-64 spec? If they don't, they aren't impacted.
EDIT: They do conform to the A64 spec, which is a derivative of ARM, so they may be impacted.
BL.