Jeez.
Let's all switch to AMD.
AMD is screwed as well. That's why I was asking where Cyrix is.
BL.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Confirms 'Meltdown' and 'Spectre' Vulnerabilities Impact All Macs and iOS Devices, Some Fixes Already Released [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
AMD is screwed as well. That's why I was asking where Cyrix is.
BL.
I wonder if Apple would update iOS 10.
They do when the heat gets turned up. I don’t recall them saying anything about this when 11.2 was released unless I missed it. Did I?
Not nearly to the same degree it seems.AMD is screwed as well. That's why I was asking where Cyrix is.
BL.
For those who are still holding on to their iPhone 5, 5c, etc. If Apple is nice, they’ll do it.
Edit: Actually, I think I 5, 5c support ended with 10.3 and the file system change.
That makes sense actually ... for major bugs like this companies tend to patch quietly, then when enough vendors have patched, then the bug is talked about openly. What is slightly more concerning is whether or not previous macOSes Sierra and El Cap will get security updates or if indeed the previous security updates already cover them (SecuritySteve says unlikely since the numbers don't match, but maybe). Apple really does need to confirm if the two older, still supported macOSes are secure or will be. It would be nice if the older iOSes (and even older macOSes) got updates too, but ... well ... that feels less likely
Yeah absolutely, I can understand that. I even agree with it. But when a problem like this does crop up on products that have been shipping for so long, it does make it that much harder to ensure the fix reaches everyone. The scale of the problem is that much worse. That's all I'm saying.
I did not know that about power rails
Differential power attack is it’s name. I worked on some CPUs that were accidentally immune in the 90’s, and the attack was discovered a decade later
Differential power attack is it’s name. I worked on some CPUs that were accidentally immune in the 90’s, and the attack was discovered a decade later
Cool!
And what about people with an iPhone 5 or 5c stuck on 10.2.x? That doesn’t include me, but at the moment my mom’s 5s is being kept (by me) on 10.3.3 due to performance issues. My mom’s 5s is nearly 4-years-old so she’ll probably get a new iPhone later this year depending on the SE replacement. However, some people are still using their 5 and 5c.That makes sense actually ... for major bugs like this companies tend to patch quietly, then when enough vendors have patched, then the bug is talked about openly. What is slightly more concerning is whether or not previous macOSes Sierra and El Cap will get security updates or if indeed the previous security updates already cover them (SecuritySteve says unlikely since the numbers don't match, but maybe). Apple really does need to confirm if the two older, still supported macOSes are secure or will be. It would be nice if the older iOSes (and even older macOSes) got updates too, but ... well ... that feels less likely
If that’s the case, good. I’m guessing it could potentially be a different story if you have a Mac if Apple’s mitigation attempts fall short.
https://support.apple.com/en-ca/HT208331That makes sense actually ... for major bugs like this companies tend to patch quietly, then when enough vendors have patched, then the bug is talked about openly. What is slightly more concerning is whether or not previous macOSes Sierra and El Cap will get security updates or if indeed the previous security updates already cover them (SecuritySteve says unlikely since the numbers don't match, but maybe). Apple really does need to confirm if the two older, still supported macOSes are secure or will be. It would be nice if the older iOSes (and even older macOSes) got updates too, but ... well ... that feels less likely
Apple has updated their documentation of the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan to include disclosure of the fix for Meltdown for all 3 OS.
Aye to expand on cmaier's answer: malicious code using Meltdown has to be running on your machine - unlike Spectre which can be run in a website's javascript. (Although Specter's damage is confined to the browser if run in the browser and I think javascript is disabled by default in iOS Safari so it shouldn't affect it unless you turn it on ... although I have it on
) Thus for meltdown, they have to get it past Apple's gate (not impossible, but very unlikely).Though I have to agree that it would be better if Apple supported at least 1 older generation of iOS with security updates.
[doublepost=1515123327][/doublepost]
I saw that and that's what I thought as well ... the confusion is that the CVE numbers listed don't match meltdown CVE (CVE-2017-5753), but the descriptions of the Kernel patches certainly read like Meltdown! Hence the confusion.
Last edited:
Disable JavaScript? It’s always been enabled by default in Safari on every iPhone/iPad I purchased. A lot of websites don’t work properly without it, including major ones like Google. Whenever I accidentally left it disabled, like when I cleared some persistent cookies, many websites didn’t look right.Aye to expand on cmaier's answer: malicious code using Meltdown has to be running on your machine - unlike Spectre which can be run in a website's javascript. (Although Specter's damage is confined to the browser if run in the browser and javascript is disabled by default in iOS Safari so it shouldn't affect it unless you turn it on) Thus for meltdown, they have to get it past Apple's gate (not impossible, but very unlikely).
Though I have to agree that it would be better if Apple supported at least 1 older generation of iOS with security updates.
[doublepost=1515123327][/doublepost]
I saw that and that's what I thought as well ... the confusion is that the CVE numbers listed don't match meltdown CVE (CVE-2017-5753), but the descriptions of the Kernel patches certainly read like Meltdown! Hence the confusion.
Yeah, I have it on too. I thought it was disabled by default, but I guess I was wrong. But I believe javascript can launch spectre attack (actually one webpage claims Meltdown can be as well https://www.bleepingcomputer.com/ne...tion-vector-for-meltdown-and-spectre-attacks/, I read elsewhere it was just Spectre ... there is so much contradictory info out there right now). Currently and in the near future everyone is vulnerable to Spectre iOS 10 or not, but iOS 10 is unlikely to get a Safari update ...
Last edited:
Disabling JavaScript will make websites like Google and Amazon look “broken”. Actually, I thought there was a more secure replacement for JavaScript, but JS is still dominant it seems.
Yeah I know
Here's a website that says just Spectre has been shown to work in javascript
https://www.anandtech.com/show/12214/understanding-meltdown-and-spectre
There is so much contradictory info put out there right now, probably best to heed the advice in the above link: Don't Panic in friendly red letters and see what actually shakes out over the coming days. Also, as stated in the website it's really things like Amazon Web Services and so forth that will primarily be targeted with such attacks given their nature.
Last edited:
Maybe you should edit your fake news post since there is already so much confusion on this among the general public. The whole point of this thread is that Apple is telling us Meltdown affects their A series chips. So it’s not just Intel that is impacted by Meltdown.
For those people who were unsure about upgrading their devices to the last ios version....time to patch bois...
Yeah, I also was wondering about the PowerPC chips being affected by these Meltdown and Spectre vulnerabilities.
So typical of Apple to be ahead of the game like this. They already fixed most of the bug issue with Mac OS 10.13.2, which was released on December 6th, and will complete patches on 10.13.3. They were a month ahead of the press releases when this Intel "bug" issue became public. Microsoft rushed to release a patch yesterday evening, whereas Apple were comfortably ahead of it all. I have updated to 10.13.2 and have not experienced any performance decreases with my six year old MacBook Pro. Apple has done great with keeping their products number 1. Now the question to be asked is will Apple begin using AMD processor chips rather than Intel because of all of this negative publicity toward Intel.