sigh...
You will be vulnerable to the bug.
Guess it is time to break out the flash drive with the El Capitan...
The question is...why are Apple being so slow to officially announce this is fixed?
...unless it isn't...
You will still be vulnerable to the bug.
sigh...
That seems very unlikely.
Just really got into reading the news about this earlier today after seeing a headline or two on it recently. Confound it all, can't computers be cantankerous enough?!? And I'm still on 'El Capitan,' to boot. (Grumbles…) Please tell us you have a fix in the works for your older supported OS versions if you haven't sent us one already, Apple!
https://support.apple.com/en-us/HT208331
You will still be vulnerable to the bug.
I believe it was patched. Check out the notes on the security patch 002 of June: https://support.apple.com/en-us/HT208331 scroll down to CPU, it notes about a memory leak in the kernel.
What about El Capitan and Sierra?
Indeed: I think this is now the correct bug fix reference: (It wasn't referenced there early yesterday)
- CVE-2017-5754 (for "Meltdown")
- CVE-2017-5753 and CVE-2017-5715 (for "Spectre")
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read kernel memory
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology
Entry added January 4, 2018
---
It is nice to know that these made it into all three of the most recent OS releases. The other two bugs are still not patched though on any OS. Hopefully soon.
These are the 3 exploits that require patching:
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read kernel memory (Meltdown)
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)
Entry updated January 5, 2018
…One of my macs cannot update beyond El Cap, …
Everymac has the up-to-date information.
Yeah, I'm currently stuck with booting my family's mid-2007 aluminum iMac (iMac7,1) from an external drive until I can scrounge up enough funds to buy a laptop (note that that Apple-History entry is out of date, as said device's maximum OS is actually 10.11.6; seems like the site hasn't been getting updates for the past couple of years, I'm sad to say.)
Guess it's [—] Sierra, El Capitan, and Yosemite for Apple
---
Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Description: Safari 11.0.2 includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).
We would like to acknowledge Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61 for their assistance.
With the inability to upgrade your equipment due to Apple's lock-down, they need not have a performance hit because there is no way to counter it by upgrading ram or drive.
A serious design flaw and security vulnerability discovered in Intel CPUs has reportedly already been partially addressed by Apple in the recent macOS 10.13.2 update, which was released to the public on December 6.
According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability.
Publicized yesterday, the design flaw in Intel chips allows normal user programs to see some of the contents of the protected kernel memory, potentially giving hackers and malicious programs access to sensitive information like passwords, login keys, and more.
Full details on the vulnerability continue to be unavailable and under embargo, so it's not yet clear just how serious it is, but fixing it involves isolating the kernel's memory from user processes using Kernel Page Table Isolation at the OS level. Implementing Kernel Page Table Isolation could cause a performance hit on some machines.
According to The Register, which first shared details on the vulnerability, Windows and Linux machines will see a 5 to 30 percent slowdown once a fix is in place. It appears Macs may not be hit as heavily, as no noticeable performance slowdowns have been reported since the launch of macOS 10.13.2.
Ionescu also says that performance drop on a system with PCID (Process-Context Identifiers), available on most modern Macs, is "minimal," so most users may not see an impact on day-to-day Mac usage.
Article Link: Intel Memory Access Design Flaw Already Addressed by Apple in macOS 10.13.2
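A triage sketch for the two facts the article gives (the mitigation shipped in macOS 10.13.2, and PCID keeps its cost "minimal"), added here as an example and not part of the original article or thread. The function names and status strings are hypothetical; `sw_vers` and `sysctl -n machdep.cpu.features` are the stock commands on Intel Macs.

```shell
#!/bin/sh
# Added example: inputs are passed as arguments so the logic can be
# exercised on any host; live values are read only when run on a Mac.

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        # Drop the component just compared; missing components count as 0.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# kpti_status VERSION FEATURES: print one triage line.
# FEATURES is the space-separated CPU flag list from machdep.cpu.features.
kpti_status() {
    ver=$1; feats=" $2 "
    case $feats in
        *" PCID "*) pcid="PCID present" ;;
        *)          pcid="PCID absent" ;;
    esac
    case $ver in
        10.13|10.13.*)
            if version_ge "$ver" 10.13.2; then
                state="10.13.2-or-later"
            else
                state="needs-10.13.2"
            fi ;;
        # The version string does not change when a Security Update is
        # installed, so older releases need a manual check of HT208331.
        10.12.*|10.11.*) state="check-HT208331-security-update" ;;
        *) state="not-covered-by-article" ;;
    esac
    echo "$state; $pcid"
}

# On a Mac, report the live values; elsewhere only define the functions.
if command -v sw_vers >/dev/null 2>&1; then
    kpti_status "$(sw_vers -productVersion)" \
                "$(sysctl -n machdep.cpu.features 2>/dev/null)"
fi
```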
upgrading ram or drive doesn't affect these attacks
With the inability to upgrade your equipment due to Apple's lock-down, they need not have a performance hit because there is no way to counter it by upgrading ram or drive.