I disable JavaScript in Chrome by default, and only re-enable it for sites that I reasonably trust. If some random unknown non-https host doesn’t work with it off, they just lost my business.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Confirms 'Meltdown' and 'Spectre' Vulnerabilities Impact All Macs and iOS Devices, Some Fixes Already Released [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
I disable JavaScript in Chrome by default, and only re-enable it for sites that I reasonably trust. If some random unknown non-https host doesn’t work with it off, they just lost my business.
Yeah. Even the ppc 601 reordered instructions and load/stores, so good chance it’s at least subject to Spectre.
Will Apple use Samsung Exynos because of the negative publicity towards Apple CPUs?
Lol. What makes you think Samsung processors are in the clear? Anything using speculative out of order execution is likely susceptible to sceptre.
True, but Intel seems to be taking it the worst, even though they attempted to pull down all other CPUs with them. Lol.
I don't think that. Review my post history.
I'm just trying to point to OP how ridiculous it would be to switch from Intel to AMD.
[doublepost=1515130605][/doublepost]
How is it an "attempt" when the flaw is industry-wide?
Intel dominates the desktop and notebook market share with 80% and 90%, respectively. Of course they're more visible.
Now that AMD released the Ryzen 7, it may make Apple give it a little consideration though.
I think the fact that Apple chose Intel for their $4,999 iMac Pro already tells you the answer.
When they had their press release concerning the "bug" they said that they were forced to do so because of the "inaccurate media reports." They were quick to state that they were not the only CPU affected by this "bug" but that all CPUs would be affected. In their own words, "Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.” Also, while all processors were affected with Spectre, only Intel was affected with Meltdown.
Last edited:
High Sierra already performs like crud. Any more of a performance hit for my 4 year old Mac will definitely keep me from upgrading more than I was already convinced.
Just downgraded back to Sierra, because High Sierra was anything but High (Performance). Man, did i regret the upgrade.. And now i'm not reading anything about older MacOS versions being updated, what's up with that? Is Apple telling us that a one year old OS isn't supported anymore? That's rediculous!
i don't know if you are being sarcastic or not, but regardless, this kind of thinking is a great example of apple's quandry where they're damned if they do, damnned if they don't.Apple's great ARM chip design mean no vulnerabilities I remember everyone saying....right?
No, Apple CPUs are also affected by Meltdown.
"Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2."
https://support.apple.com/en-us/HT208394
Apple patched iOS which only runs on Apple processors.
If it was the fault of Apple it would be vague and have taken longer. Standard. there is a lot of hot air in their statement. Standard.
Why do you need to start a conversation creating debate ? These constant victim posts do not help the community.
Apple was under an embargo, as was everyone else, it was made clear. And what was quick ? A vague statement?
How about fixes for earlier versions of the OS? Not ready to switch from Sierra to High Sierra yet.
Apple today confirmed that it has addressed the recent "Meltdown" vulnerability in previously released iOS 11.2, macOS 10.13.2, and tvOS 11.2 updates, with additional fixes coming to Safari in the near future to defend against the "Spectre" vulnerability.
Apple has also confirmed that the two vulnerabilities affect all Mac and iOS devices. The company's full statement, available through a new support document covering Meltdown and Spectre, is below:Apple's statement does not make it clear if these vulnerabilities have been addressed in older versions of iOS and Mac, but for Macs, there were security updates for older versions of macOS released alongside macOS 10.13.2, so it's possible fixes are already available for Sierra and El Capitan.
News of the Spectre and Meltdown vulnerabilities first came to light this week, but Intel and major operating system vendors like Apple, Linux, and Microsoft have known about the issue for several months and worked to prepare a fix before the security flaws were publicly shared.
Spectre and Meltdown are serious vulnerabilities that take advantage of the speculative execution mechanism of a CPU. As these use hardware-based flaws, operating system manufacturers are required to implement software workarounds. These software workarounds can impact processor performance, but Intel has insisted every day users will not see serious slowdowns. Apple also says that no measurable impact has been detected in macOS and iOS.The Meltdown vulnerability allows a malicious program to read kernel memory, accessing data like passwords, emails, documents, photos, and more. Meltdown can be exploited to read the entire physical memory of a target machine. The vulnerability is particularly problematic for cloud-based services.
Spectre, which covers two exploitation techniques, breaks the isolation between different applications. Apple says that while the Spectre vulnerability is difficult to exploit, it can be done using JavaScript in a web browser. Apple plans to release Safari updates for macOS and iOS to prevent Spectre-based exploits.
As with the Meltdown vulnerability, Apple says the upcoming Safari mitigations will have "no measurable impact" on Speedometer and ARES-6 tests, and an impat of less than 2.5% on the JetStream benchmark.
Apple says it will continue to test further mitigations for Spectre and will release them in future versions of iOS, macOS, tvOS, and watchOS.
Article Link: Apple Confirms 'Meltdown' and 'Spectre' Vulnerabilities Impact All Macs and iOS Devices, Some Fixes Already Released
Yes, the fix present in 10.13.2 was also released via separate Security Updates for Sierra and El Capitan.
https://support.apple.com/HT208331
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read kernel memory
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology
Updated: Apple has removed references to macOS Sierra and OS X El Capitan for this bug fix on the support page, so it is not known whether it has been backported to these older releases.Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read kernel memory
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology
Last edited:
It has been released. They were under non-disclosure so they could not acknowledge the existence of the fix until the embargo was lifted.
Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
Updated: Apple has removed references to macOS Sierra and OS X El Capitan for this bug fix on the support page, so it is not known whether it has been backported to these older releases.
Last edited:
No need to panic. Just leave your front door unlocked and trust that all will be fine--and it will!
There is so much incompetence nowadays that the only reason information isn't being stolen is because nobody is trying to steal it. If you think anything is secure, you're dreaming.
There is so much incompetence nowadays that the only reason information isn't being stolen is because nobody is trying to steal it. If you think anything is secure, you're dreaming.
The link provided shows no download for the update, let alone anything in the App store. So it can not be said that it has been "released". Released is exactly that; released to be downloaded. Announced is a different thing. It has been announced, not released.
BL.
This "crying" is 100% legit. And again, "Apple's statement does not make it clear if these vulnerabilities have been addressed in older versions of iOS and Mac" .. how typical for today's Apple - they don't give a crap to make really clear statement even if it's totally clear that people are waiting for it.