Spectre meltdown on 10.6.8

[decksnap]

Have a couple old systems stuck at 10.6.8, as well as a server running it. Anything that can or should be done about meltdown and Spectre on these older systems?

Note that the server’s only real interaction with the outside world is a Backblaze backup, but of course other local systems connect to it. Any thoughts besides ‘upgrade hardware’?

 

[Darmok N Jalad]

Well, it sure seems like for hardware to be protected from this, firmware and/or software updates are needed, and I don't see Apple patching 10.6.8. I suppose you could install a modern Linux distro on them, but that may be more trouble than its worth depending on your expectations.

 

[SecuritySteve]

There's no way you can protect yourself on a system that old. Frankly you're vulnerable to far worse than Meltdown / Spectre on 10.6.

macOS 10.6 has not received security updates since 2013. Apple chooses to patch systems from the current OS and two previous. So for now they are only patching El Capitan, Sierra, and High Sierra.

I'm not judging your decision to hang onto this older hardware, because you may have a very good reason. However, in the modern world we should all factor the increasing security risk as a cost of not upgrading to modern hardware / software. If you are curious as to what exactly you are vulnerable to, I suggest checking out https://support.apple.com/en-us/HT201222 and following the links for 2013 and 2014. From a software security scanner's standpoint, you are vulnerable to all of the vulnerabilities (that apply to macOS in that list anyway). Many of those vulnerabilities are kernel exploits, remote code execution exploits, ect. The older the software is, the more likely that an exploit will exist on a site like exploit-db.com and be common knowledge to even the most novice of hackers.

I hope this helps you.

 

[jav6454]

OS X 10.6 has several other vulnerabilities that are worse, rather simpler to exploit, than Spectre and Meltdown. Consider a new server.

 

[decksnap]

Thanks for the replies. I am learning that technically my 5.1 MacPro can go up past 10.6.8 so we'll see if its worth the effort to figure out how to transition to a new version of Server. Can you tell I'm not an IT guy?

 

[flowrider]

^^^^The oldest OS that the 5,1 cMPj will run is 10.6.4, and by golly you are there. My much modified 5,1 is running HS 10.13.2. Are you running a HDD or SSD as your system disk?

If, when, you upgrade you have to think about your apps? Depending pn what you use, that could be very expensive.

Lou

 

[decksnap]

I just have 4x4Tb HDD drives in there. I guess I just need to figure out how to upgrade from 10.6.8 Server to to a new version running Server without losing my group/user settings. Am I correct that Server is now just an app you install into OS X rather than a separate version of OS X? Blah.

 

[SecuritySteve]

I just have 4x4Tb HDD drives in there. I guess I just need to figure out how to upgrade from 10.6.8 Server to to a new version running Server without losing my group/user settings. Am I correct that Server is now just an app you install into OS X rather than a separate version of OS X? Blah.

Yes. There is no distinction between a Server OS and the regular OS anymore. It saves them some headaches from a development perspective, and allows you to still have all the server features you need in the application.

I use the Server app on a mac mini, it works pretty well.

 

[jav6454]

Yes. There is no distinction between a Server OS and the regular OS anymore. It saves them some headaches from a development perspective, and allows you to still have all the server features you need in the application.

I use the Server app on a mac mini, it works pretty well.

Agreed. Also, try to use an SSD for the OS. It'll do wonders in case any performance drops should be had.

 

[decksnap]

Thanks - feel free to ignore me as I stumble through this, but next step is I can not seem to find the appropriate way to actually upgrade, even though Apple says it's compatible. The app store shows no updates, and I can search for and find High Sierra in the app store, but pressing the 'get' button does nothing. There are mixed messages online about needing to update to El capital before upgrading to High Sierra, but I can not find El Capitan in the store or elsewhere.

 

[SecuritySteve]

Thanks - feel free to ignore me as I stumble through this, but next step is I can not seem to find the appropriate way to actually upgrade, even though Apple says it's compatible. The app store shows no updates, and I can search for and find High Sierra in the app store, but pressing the 'get' button does nothing. There are mixed messages online about needing to update to El capital before upgrading to High Sierra, but I can not find El Capitan in the store or elsewhere.

You might need to make a bootable High Sierra install USB, and make a clean install over the system. You should back up your drive first, and then when you've finished installing High Sierra and you're walking through the set up, choose to migrate from your backup.

 

[Fishrrman]

OP:

If you have a couple of older installs on Macs that are pretty much "stuck where they are", my advice is simple.
Don't worry about this at all.

Yes, you read that right.
No one has been "harmed" by these recent security disclosures. They are the result of research, not anything that has been released "in the wild".
If and when that happens (it will become public knowledge very quickly), then, and ONLY THEN, would I start worrying (and even then I personally wouldn't worry much).

The actual chances that your old Macs will ever be harmed by this are probably about the same as you being struck by lightning...

 

[decksnap]

You might need to make a bootable High Sierra install USB, and make a clean install over the system. You should back up your drive first, and then when you've finished installing High Sierra and you're walking through the set up, choose to migrate from your backup.

Thank you - my new plan based on this was to use the boot disk to install High Sierra on one of the other drives in the machine and port my data over after I confirmed it works. This way I'll still have the current install if the High Sierra thing doesn't pan out. But, the first thing it wants to do when I try to install off the boot drive is update the firmware. Is there any chance that upgrading the firmware will cause issues with the 10.6.8 system?

 

[SecuritySteve]

Thank you - my new plan based on this was to use the boot disk to install High Sierra on one of the other drives in the machine and port my data over after I confirmed it works. This way I'll still have the current install if the High Sierra thing doesn't pan out. But, the first thing it wants to do when I try to install off the boot drive is update the firmware. Is there any chance that upgrading the firmware will cause issues with the 10.6.8 system?

I don't believe so.