Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Confirms 'Meltdown' and 'Spectre' Vulnerabilities Impact All Macs and iOS Devices, Some Fixes Already Released [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
The link provided clearly says released 6th December 2017. Unless I’m reading it wrong
It is very clear that the mitigation was part of the security patches released last month. It simply wasn't made public as the flaw was still a secret at that point. Some relief as I'm still on El Capitan.
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.1
6 Dec 2017
This document describes the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan.
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read kernel memory
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology
Entry added January 4, 2018
How do you know this? I am running El Capitan, and would love to get formal confirmation.
[doublepost=1515147235][/doublepost]
That's good news. Why did Apple state that only the latest version of macOS was patched?
not that i am one of those guys who complain but this is a bad example. Companies knew about this issue since very long time. 9th of Jan was coordinated publishing date but because of news leaks **** hit the fan before this date. So not quick in anyway
As of yet no fix has yet been released has been released for macOS 10.12.6 Sierra therefore it can be assumed the same applies to OS X 10.11.6 El Capitan.
Also worth mentioning is there likely to be a fix released for OS X 10.10.5 Yosemite or have Apple completely discontinued support for Yosemite?
Apple need to be clear on when a release has reached its end of life.
[doublepost=1515149591][/doublepost]
Also worth mentioning is there likely to be a fix released for OS X 10.10.5 Yosemite or have Apple completely discontinued support for Yosemite?
Apple need to be clear on when a release has reached its end of life.
[doublepost=1515149591][/doublepost]
Thank you for going some way to clarifying this if it is indeed the relative fix. Apple should be more transparent when issuing fixes for older releases. But what of Yosemite?
The BBC seem to have mis-quoted Apple on this, or misunderstood:
Referring to Apples comments..."Meltdown does not affect the Apple Watch, it said, as the bug was an issue with Intel processors which are not contained in that device"
Intel processors aren't contained in iPhones or iPads, but you say they are affected....
It's this scaremongering, non-factual journalism that causes everyone to go bonkers over these things.
Far too much FUD going on right now around these issues. I’m sure more factual information will emerge in the coming weeks as patches roll and embargoes formally lift.
In the meantime, let’s keep speculation to a minimum...boom boom!
In the meantime, let’s keep speculation to a minimum...boom boom!
Glad to see some fixes already. Well done Apple. Mixed feelings with Apple this past 12 months, but they definitely seem to be moving in the right direction.
Actually, Microsoft released first patches on Windows Insider in November and they've been benchmarking the performance since then. Only the official release got out yesterday.
These security flaws are gonna cause the biggest OSes version fragmentations in the history of Apple. Mark my words. People's thoughts are going to be something like this: "If I'm screwed up no matter what super new technology I have. Safe computing and to hell with everything else" (Just my thought)
No they are not. Because they can be fixed in software (with a small performance hit). So like before, if you don't update you are vulnerable, if you update you aren't.
Apple added this yesterday to the security notes for iOS 11.2
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read kernel memory
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology
Entry added January 4, 2018
https://support.apple.com/en-us/HT208334
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read kernel memory
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology
Entry added January 4, 2018
https://support.apple.com/en-us/HT208334
Last edited:
Since this is in the OS, and affected other chips i'm sure that would mean Windows systems also affected.
20% OS install, 80% updates
These security flaws are gonna cause the biggest OSes version fragmentations in the history of Apple. Mark my words. People's thoughts are going to be something like this: "If I'm screwed up no matter what super new technology I have. Safe computing and to hell with everything else" (Just my thought)
20% OS install, 80% updates
I wonder if this explains why after the latest update for El Cap that my 15-inch MBP (Haswell CPU) was running hotter and noticeably slower, especially when virtualizing? I ultimately wound up doing a carbon clone restore to an OS backup I made before the update was installed.
I thought Spectre had no effective mitigation. I wonder what they are adding to Safari to protect against it?
[doublepost=1515159196][/doublepost]
I understand Virtualization is one of the "workflows" whose performance is most impacted by the mitigation for Meltdown. That said, I run Parallels every day and haven't really noticed it being any slower since the Dec patch.
[doublepost=1515159196][/doublepost]
I understand Virtualization is one of the "workflows" whose performance is most impacted by the mitigation for Meltdown. That said, I run Parallels every day and haven't really noticed it being any slower since the Dec patch.