Strange that Apple would release a Meltdown security update for Sierra and El Cap, but not release one for Spectre on those systems. That's going to leave a lot of people more vulnerable who aren't able or want to upgrade to High Sierra. Hopefully updates for those 10.11 and 10.12 are coming.
 
Strange that Apple would release a Meltdown security update for Sierra and El Cap, but not release one for Spectre on those systems. That's going to leave a lot of people more vulnerable who aren't able or want to upgrade to High Sierra. Hopefully updates for those 10.11 and 10.12 are coming.
You have that backwards. Today's Safari update addresses Spectre but there's no Meltdown update for Sierra or El Capitan.
 
I wonder if it would be worthwhile benchmarking before and after update?





Apple today released a macOS High Sierra 10.13.2 supplemental update, which comes a little more than a month after the initial release of macOS High Sierra 10.13.2.

macOS High Sierra 10.13.2 is a free update for all customers who have a compatible machine. The update can be downloaded using the Software Update function in the Mac App Store.

macOS High Sierra 10.13.2 addresses the "Spectre" vulnerability that was publicized last week. Spectre and its sister vulnerability "Meltdown" are serious hardware-based exploits that take advantage of the speculative execution mechanism of a CPU, allowing hackers to gain access to sensitive information.

While Meltdown was addressed in the initial macOS High Sierra 10.13.2 update, Apple said it would introduce a mitigation for Spectre in macOS and iOS early this week. There is no hardware fix for Spectre, so Apple is addressing the vulnerability using Safari-based software workarounds.

There's also a Safari 11.0.2 update available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 that is designed to mitigate the effects of the Spectre vulnerability. Customers running macOS Sierra and OS X El Capitan should download the new version of Safari to make sure their machines are protected.

Article Link: Apple Releases macOS High Sierra 10.13.2 Supplemental Update With Spectre Fix
 
Strange that Apple would release a Meltdown security update for Sierra and El Cap, but not release one for Spectre on those systems. That's going to leave a lot of people more vulnerable who aren't able or want to upgrade to High Sierra. Hopefully updates for those 10.11 and 10.12 are coming.
It sounds like for Sierra and El Cap users, there is a standalone Safari update for Spectre that takes care of it.
 
Good news that Apple have released Safari fixes. I run OS X 10.11.6 El Capitan on an Early 2008 iMac and macOS 10.12.6 Sierra on a Late 2009 iMac.

What does stand out a mile, though, is that no fix has been released for those running OS X 10.10.5 Yosemite.

Once again Apple have abandoned a percentage of Mac users.
 
Strange that Apple would release a Meltdown security update for Sierra and El Cap, but not release one for Spectre on those systems. That's going to leave a lot of people more vulnerable who aren't able or want to upgrade to High Sierra. Hopefully updates for those 10.11 and 10.12 are coming.
https://support.apple.com/en-us/HT208403

Please read the article next time.
 
A Safari-based workaround? Please...
Spectre can't effectively be blocked at the system or even hardware level. Individual apps need to be adjusted for it. Also, the kind of system-level tweaks that would mitigate it would seriously cripple applications that require extreme timing accuracy.
 
You have that backwards. Today's Safari update addresses Spectre but there's no Meltdown update for Sierra or El Capitan.

This article is about the High Sierra security update for Spectre, not the Safari update. Also, a Meltdown update was released in December for El Cap, Sierra, and High Sierra prior to the public announcement about the exploit. That's what I was referring to.

It sounds like for Sierra and El Cap users, there is a standalone Safari update for Spectre that takes care of it.

The Safari update only "takes care of" Spectre when you're using Safari. This High Sierra update patches the kernel.
 
Read the post. It says right in there.
It doesn't address Meltdown, and Apple has since removed mention of 10.12 from their support article. Given we have a major release at the end of the month and I can't afford any High Sierra incompatibilities, I'd like to still have a definitive answer on whether or not my computer is going to be vulnerable or not.
 
Good news that Apple have released Safari fixes. I run OS X 10.11.6 on an Early 2008 iMac and macOS 10.12.6 on a Late 2009 iMac.

What does stand out a mile, though, is that no fix has been released for those running OS X Yosemite.

Once again Apple have abandoned a percentage of Mac users.

Why would Apple not release a Safari update for Yosemite users? I understand Yosemite is no longer supported but for such a dangerous issue could they provide a browser update for older versions of MacOS.
 
Why would Apple not release a Safari update for Yosemite users? I understand Yosemite is no longer supported but for such a dangerous issue could they provide a browser update for older versions of MacOS.
No. These vulnerabilities are tame compared to the things they fix on a regular basis. If you run an older OS on an older machine, you are vulnerable, period. Factor that into the cost of upgrading, instead of blaming the OEM for your insecurity.
 
Geekbench results for
iMac (27-inch Retina Late 2015)
Pre update:
Single-Core Score 5302 Multi-Core Score 17899
Geekbench 4.2.0 Tryout for Mac OS X x86 (64-bit)
Upload Date November 10 2017 07:52 AM

Post update is better!
Single-Core Score 5310 Multi-Core Score 18162
Geekbench 4.2.0 Tryout for Mac OS X x86 (64-bit)
Upload Date January 08 2018 06:47 PM
 
Good news that Apple have released Safari fixes. I run OS X 10.11.6 El Capitan on an Early 2008 iMac and macOS 10.12.6 Sierra on a Late 2009 iMac.

What does stand out a mile, though, is that no fix has been released for those running OS X 10.10.5 Yosemite.

Once again Apple have abandoned a percentage of Mac users.

How dare they abandon people with machines more than 8 years old. :rolleyes:
 
It says directly in this article that 10.11 and 10.12 are addressed.

The only reference to 10.11 and 10.12 in this article is in reference to the separate Safari update, not a system-level update to patch the kernel. Also, I have an El Cap system right here and there's no security update, nor is one listed on Apple's support site.
 
No. These vulnerabilities are tame compared to the things they fix on a regular basis. If you run an older OS on an older machine, you are vulnerable, period. Factor that into the cost of upgrading, instead of blaming the OEM for your insecurity.

I'm not blaming anyone just curious, I always update when the OS becomes unsupported but I was caught by surprise with Yosemite, did not realize until this week that support ended in September.

2015 machine, I'm just waiting on sorting out some keychain issues, otherwise I would be on High Sierra right now.

If anyone has any keychain expertise and can answer a couple of questions:

https://forums.macrumors.com/thread...ychain-passwords-not-appearing.1905840/page-2
 
The only reference to 10.11 and 10.12 in this article is in reference to the separate Safari update, not a system-level update to patch the kernel. Also, I have an El Cap system right here and there's no security update, nor is one listed on Apple's support site.

Spectre isn't something patched at the kernel level. It's being done through the browser. Meltdown is a completely different deal which has already been but isn't the topic of discussion here.
 