Apple issues Meltdown and Spectre fixes for older Mac operating systems
Apple's latest macOS High Sierra was not the only Mac operating system to receive fixes for Meltdown and Spectre on Tuesday, as a separately released security update addresses critical vulnerabilities in macOS Sierra and OS X El Capitan.
Released alongside macOS High Sierra 10.13.3, which itself includes patches for Meltdown and Spectre, Apple's Security Update 2018-001 for Sierra and El Capitan incorporate a number of kernel security improvements aimed at nullifying threats posed by the chip flaws.
Apple points to Meltdown by name in an accompanying support document, saying the fix addresses a vulnerabilities that allow an attacker to gain unauthorized access to information on computers with microprocessors utilizing speculative execution. Other patches mitigate risks associated with read restricted memory, kernel privileges and memory corruption.
Prior to today, Apple issued a supplemental update for macOS 10.13.2, but failed to release a similar patch for older operating systems.
Both Meltdown and Spectre take advantage of speculative execution, a performance feature built in to nearly every modern microprocessor. Chips like those made by Intel and AMD, as well as Apple's A-series SoCs, attempt to predict instruction streams in order to facilitate faster process execution. If a predicted path is not needed, the instruction set is canceled and the associated memory cache is discarded in a process intended to be invisible to a user program. However, researchers discovered a method of accessing targeted areas of a memory cache, opening the door to sensitive information like user passwords.
More information about Meltdown and Spectre can be found here.
Mac users are urged to download the security update, or the latest version of macOS, through the Mac App Store.
Released alongside macOS High Sierra 10.13.3, which itself includes patches for Meltdown and Spectre, Apple's Security Update 2018-001 for Sierra and El Capitan incorporate a number of kernel security improvements aimed at nullifying threats posed by the chip flaws.
Apple points to Meltdown by name in an accompanying support document, saying the fix addresses a vulnerabilities that allow an attacker to gain unauthorized access to information on computers with microprocessors utilizing speculative execution. Other patches mitigate risks associated with read restricted memory, kernel privileges and memory corruption.
Prior to today, Apple issued a supplemental update for macOS 10.13.2, but failed to release a similar patch for older operating systems.
Both Meltdown and Spectre take advantage of speculative execution, a performance feature built in to nearly every modern microprocessor. Chips like those made by Intel and AMD, as well as Apple's A-series SoCs, attempt to predict instruction streams in order to facilitate faster process execution. If a predicted path is not needed, the instruction set is canceled and the associated memory cache is discarded in a process intended to be invisible to a user program. However, researchers discovered a method of accessing targeted areas of a memory cache, opening the door to sensitive information like user passwords.
More information about Meltdown and Spectre can be found here.
Mac users are urged to download the security update, or the latest version of macOS, through the Mac App Store.
Comments
Nicely done. I feel back to 10.11.6 is a good balance.
What about the perormance loss
incurred with these remediations?
Tom
I'm still not seeing the update here (Sierra in Canada). I wonder if Apple has pulled it?