Linked by Thom Holwerda on Tue 23rd Jan 2018 22:31 UTC
Mac OS X

Along with macOS High Sierra 10.13.3, Apple this morning released two new security updates that are designed to address the Meltdown and Spectre vulnerabilities on machines that continue to run macOS Sierra and OS X El Capitan.

As outlined in Apple's security support document, Security Update 2018-001 available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 offers several mitigations for both Meltdown and Spectre, along with fixes for other security issues, and the updates should be installed immediately.

Together with last week's update, this means the last three major revisions of macOS are now protected from the processor bugs.

Comment by Alfman
by Alfman on Tue 23rd Jan 2018 23:25 UTC

Thom Holwerda,

Together with last week's update, this means the last three major revisions of macOS are now protected from the processor bugs.


I think it's premature to say anyone is now protected from the processor bugs. For one thing, Intel has publicly stated that its patches are faulty and recommended they not be installed at this point in time.

https://newsroom.intel.com/news/root-cause-of-reboot-issue-identifie...


Also the code pattern used by Spectre is relatively rare in C-based kernels (and therefore easier to clean out), but I believe there could be potentially many variations on the Spectre attack that will be more difficult to identify and mitigate.

One final point is that even if the kernel is fully protected, the Spectre attack works across domains, so system daemons and other processes are potentially vulnerable even if the kernel itself is not.

Unfortunately there's no quick fix for this class of attack, short of disabling speculative execution entirely.

Edited 2018-01-23 23:33 UTC

Reply Score: 6
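
For readers who want to see the kind of code pattern the comment above refers to, here is an added example (not part of the comment or the linked article) of a bounds-checked lookup feeding a dependent load, beside a form hardened by branch-free index masking, the approach known from the Linux kernel's array_index_nospec. The table names, sizes and values are constructed for illustration, and the mask helper assumes size <= SIZE_MAX / 2.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u

/* Constructed sample tables; all names here are hypothetical. */
static const uint8_t perm[TABLE_LEN] = {3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3};
static const uint8_t flags[256] = {[1] = 0xA1, [3] = 0xA3, [9] = 0xA9};

/* All-ones if idx < size, else zero, computed without a branch so there is
 * no prediction to get wrong. Assumes size <= SIZE_MAX / 2. */
static size_t index_mask_nospec(size_t idx, size_t size)
{
    size_t top = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return (size_t)0 - (top ^ 1);
}

/* Unhardened pattern: architecturally correct, but while the bounds check
 * is unresolved the CPU may speculatively run both loads with an
 * out-of-range idx, leaving a data-dependent cache footprint. */
static uint8_t lookup_unhardened(size_t idx)
{
    if (idx < TABLE_LEN)
        return flags[perm[idx]];
    return 0;
}

/* Hardened form: the index is forced to 0 by data dependency whenever it
 * is out of range, so even a mispredicted branch reads inside perm[]. */
static uint8_t lookup_hardened(size_t idx)
{
    if (idx < TABLE_LEN) {
        idx &= index_mask_nospec(idx, TABLE_LEN);
        return flags[perm[idx]];
    }
    return 0;
}

int main(void)
{
    printf("in range: 0x%02X, out of range: 0x%02X\n",
           lookup_hardened(0), lookup_hardened(1000));
    printf("unhardened agrees in range: %d\n", lookup_unhardened(0) == lookup_hardened(0));
    return 0;
}
```

A compiler is free to turn branch-free C back into a branch, so real code should check the generated assembly or use the platform's own masking primitive. This covers only the bounds-check pattern; it does nothing for other variants.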