Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at the time of this writing. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.
Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Security updates for macOS Sierra and OS X El Capitan also include mitigations for Meltdown. To help defend against Spectre, Apple has released mitigations in iOS 11.2.2, the macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 for macOS Sierra and OS X El Capitan. Apple Watch is not affected by either Meltdown or Spectre.
Jan 23, 2018 As outlined in Apple's security support document, Security Update 2018-001 available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 offers several mitigations for both Meltdown and Spectre. 'This document describes the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan.' So the Meltdown and Spectre bugs are fixed in El Capitan?
We continue to develop and test further mitigations for these issues.
Background
The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.
The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.
Meltdown
Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or 'rogue data cache load.' The Meltdown technique can enable a user process to read kernel memory. Our analysis suggests that it has the most potential to be exploited. Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and also in Security Update 2018-001 for macOS Sierra and Security Update 2018-001 for OS X El Capitan. watchOS did not require mitigation.
Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.
Spectre
Spectre is a name covering multiple different exploitation techniques, including—at the time of this writing—CVE-2017-5753 or 'bounds check bypass,' CVE-2017-5715 or 'branch target injection,' and CVE-2018-3639 or 'speculative bounds bypass.' These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.
Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. On January 8th Apple released updates for Safari on macOS and iOS to mitigate such timing-based techniques. Testing performed when the Safari mitigations were released indicated that the mitigations had no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques. watchOS is unaffected by Spectre.
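The 'bounds check bypass' case (CVE-2017-5753) named above, shown as an added example that is not from Apple's document and does not describe Apple's own mitigations: a bounds-checked array read next to a hardened form that also clamps the index with a branchless mask, so a mispredicted branch cannot steer the load out of range. The table, function names and the LP64 assumption are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16 /* constructed table for this example */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Before: architecturally correct, but the CPU may predict the branch as
 * taken and issue the load with an out-of-range idx before the comparison
 * has resolved. */
uint8_t lookup_checked(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* All-ones when idx < size, zero otherwise, computed without a branch.
 * Assumes long is as wide as size_t, size <= LONG_MAX, and arithmetic
 * right shift of negative values (true for gcc/clang on LP64). */
static size_t index_mask(size_t idx, size_t size)
{
    return (size_t)(~(long)(idx | (size - 1 - idx))
                    >> (sizeof(long) * CHAR_BIT - 1));
}

/* After: the bounds check stays, and the index is additionally clamped by
 * data flow, so a speculative load can only ever touch table[0]. */
uint8_t lookup_masked(size_t idx)
{
    if (idx < TABLE_LEN) {
        idx &= index_mask(idx, TABLE_LEN);
        return table[idx];
    }
    return 0;
}

int main(void)
{
    printf("in range:  %u\n", (unsigned)lookup_masked(3));
    printf("mask(16):  %zx\n", index_mask(16, TABLE_LEN));
    return 0;
}
```

Production code also hides the mask computation from the optimizer so the compiler cannot fold it back into the branch; that barrier is omitted here.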
Along with the new macOS 10.13.3 update that was released today, Apple has also released the security fixes associated with the Spectre and Meltdown issues for both macOS Sierra and macOS El Capitan.
If you have an older MacBook or iMac and are still using Sierra or El Capitan, this security update (Security Update 2018-001) is meant for you. Please read Apple’s release notes here to learn more about the security content.
The new update should come in handy for users who have had concerns about updating to the new APFS system made available via macOS High Sierra. If your MacBook has a newer solid state drive, you should not have any issues updating to and using macOS High Sierra.
If you would like to wait some more before updating your computer to macOS High Sierra, we suggest that you apply the new security patch that was released today and turn off the “Upgrade to macOS High Sierra” notifications for now. That way you don’t have to deal with constant, annoying upgrade notifications on your MacBook.
Here are a few different options that will help you disable these macOS High Sierra upgrade notifications.
Along with the new macOS update, Apple also released new iOS 11.2.5 for iPhone and iPad. Please tap on Settings > General > Software Updates to review the latest iOS update. Make sure to take a backup and then update your iOS device.
Please let us know if you have any questions or concerns. We strongly recommend that you take a backup and then update your MacBook running Sierra or El Capitan with this new security patch released today from Apple.
Obsessed with tech since the early arrival of A/UX on Apple, Sudz (SK) is responsible for the editorial direction of AppleToolBox. He is based out of Los Angeles, CA.
Sudz specializes in covering all things macOS, having reviewed dozens of OS X and macOS developments over the years.
In a former life, Sudz worked helping Fortune 100 companies with their technology and business transformation aspirations.