Apple Addresses Meltdown and Spectre in macOS Sierra and OS X El Capitan With New Security Update

Along with macOS High Sierra 10.13.3, Apple this morning released two new security updates that are designed to address the Meltdown and Spectre vulnerabilities on machines that continue to run macOS Sierra and OS X El Capitan.

As outlined in Apple's security support document, Security Update 2018-001 available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 offers several mitigations for both Meltdown and Spectre, along with fixes for other security issues, and the updates should be installed immediately.

meltdownspectre
Apple addressed the Meltdown and Spectre vulnerabilities in macOS High Sierra with the release of macOS High Sierra 10.13.2, but older machines were left unprotected. Apple initially said a prior security update included fixes for the two older operating systems, but that information was later retracted.

Spectre and Meltdown are two hardware-based vulnerabilities that impact nearly all modern processors. Apple in early January confirmed that all of its Mac and iOS devices were impacted, but Meltdown mitigations were introduced ahead of when the vulnerabilities came to light in iOS 11.2 and macOS 10.13.2, and Spectre was addressed through Safari updates in iOS 11.2.2 and a macOS 10.13.2 Supplemental Update.

Spectre and Meltdown take advantage of the speculative execution mechanism of a CPU. As these use hardware-based flaws, operating system manufacturers are required to implement software workarounds. These software workarounds can impact processor performance, but according to Apple, the Meltdown fix has no measurable performance reduction across several benchmarks.

The Spectre Safari mitigations have "no measurable impact" on Speedometer and ARES-6 tests, and an impact of less than 2.5% on the JetStream benchmark.

Many PCs with Intel processors have been facing serious issues following the installation of patches with fixes for Meltdown and Spectre, but these problems do not appear to impact Apple's machines.

Related Forum: macOS High Sierra

Popular Stories

Generic iOS 18

Apple Announces iOS 18.2 Launching Today With These New Features

Wednesday December 11, 2024 5:23 am PST by
Apple has announced that iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 will be released today following more than six weeks of beta testing. For the iPhone 15 Pro and iPhone 16 models, the update introduces additional Apple Intelligence features, including Genmoji for creating custom emoji, Image Playground and Image Wand for generating images, and ChatGPT integration for Siri. There is also ...
Generic iOS 18

Apple Seeds Second Release Candidate Versions of iOS 18.2 and More With Genmoji, Image Playground and ChatGPT Integration

Monday December 9, 2024 10:06 am PST by
Apple today seeded the second release candidate versions of upcoming iOS 18.2, iPadOS 18.2, and macOS 15.2 updates to developers and public beta testers for testing purposes, a week after releasing the first RCs. The first iOS 18.2 RC had a build number of 22C150, while the second RC's build number is 22C151. Release candidates represent the final version of beta software that's expected to see a ...
iPhone SE 4 Single Camera Thumb 3

iPhone SE 4 Said to Feature 48MP Rear Lens, 12MP TrueDepth Camera

Monday December 9, 2024 4:48 am PST by
Apple's forthcoming iPhone SE 4 will feature a single 48-megapixel rear camera and a 12-megapixel TrueDepth camera on the front, according to details revealed in a new Korean supply chain report. ET News reports that Korea-based LG Innotek is the main supplier of the front and rear camera modules for the more budget-friendly ~$400 device, which is expected to launch in the first quarter of...
iOS 18

Here Are Apple's Full Release Notes for iOS 18.2

Thursday December 5, 2024 11:48 am PST by
Apple seeded the release candidate version of iOS 18.2 today, which means it's going to see a public launch imminently. Release candidates represent the final version of new software that will be provided to the public should no last minute bugs be found, and Apple includes release notes with the RC launch. The iOS 18.2 release notes provide a look at all of the new features that are coming...
New Things Your iPhone Can Do in iOS 18

20 New Things Your iPhone Can Do in iOS 18.2

Friday December 6, 2024 4:42 am PST by
Apple is set to release iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls...
Apple MacBook Pro M4 hero

MacBook Pros With OLED Displays Won't Have a Notch, Roadmap Shows

Monday December 9, 2024 7:36 am PST by
Apple plans to remove the notch from the MacBook Pro in a few years from now, according to a roadmap shared by research firm Omdia. The roadmap shows that 14-inch and 16-inch MacBook Pro models released in 2026 will have a hole-punch camera at the top of the display, instead of a notch. It is unclear if there would simply be a pinhole in the display, or if Apple would expand the iPhone's...
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Thursday November 28, 2024 3:30 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
vipps nfc tap to pay iphone

World's First Apple Pay Alternative for iPhone Launches in Norway

Monday December 9, 2024 1:28 am PST by
Norwegian payment service Vipps has become the world's first company to launch a competing tap-to-pay solution to Apple Pay on iPhone, following Apple's agreement with European regulators to open up its NFC technology to third parties. Starting December 9, Vipps users in Norway can make contactless payments in stores using their iPhones. The service initially supports customers of SpareBank...

Top Rated Comments

nexu Avatar
90 months ago
Can we get the same for iOS 10?
Score: 12 Votes (Like | Disagree)
Paddle1 Avatar
90 months ago
How about iOS 9 or iOS 10? Lots of devices stuck there.
Score: 12 Votes (Like | Disagree)
zorinlynx Avatar
90 months ago
I wonder how reliable Apple's patches are given that Linus Torvalds has condemned the patches ('https://lkml.org/lkml/2018/1/21/192') submitted to the linux kernel by Intel:




Linus is never one to mince words...
That's one thing I love about him. He loves Linux and he wants to make it the best system it can be. He doesn't bother with political correctness or being nice. If someone writes bad code, he lets them know, harshly. Everyone who works with him knows not to take things personally.

We need more people like that in QC and management positions at companies like Apple. Steve Jobs was much the same way.
Score: 11 Votes (Like | Disagree)
vicviper789 Avatar
90 months ago
i guess my ibook g4 will be left vulnerable...
Score: 6 Votes (Like | Disagree)
lionel77 Avatar
90 months ago
So, no fixes for Yosemite...
Is it possible to just get El Capitan or Sierra instead of the useless High Sierra...?
Yes, fortunately you can still get those installers:
https://support.apple.com/en-us/HT208202 (Sierra)
https://support.apple.com/en-us/HT206886 (El Capitan)
Score: 6 Votes (Like | Disagree)
Dangermen Avatar
90 months ago
I shouldn't really reply to someone that joined in October 2017 only to post criticism (not a single positive post).
However, I will point out that one could say all security measures are "half-hearted" in that they address an issue (or a group of them) when many others are either in the pipeline or about to be discovered.
If you cannot get to terms with this fact of computing life then perhaps you should give up computers altogether.

I hate to point out the obvious, but when I am not happy with a service provider I usually move to one that I perceive to be a better one. Have you considered this as an option?
Since when does being a forum member for a short period of time exclude my opinion? I've been in IT for 28 years. I started with Linux and I've been a Mac user for 7 years now. I'm heavily invested in them. Switching isn't A) cheap nor B) is my opinion not the source of the problem.

I am asking for Apple to just be more transparent. As an example, pick the last year of the OS release your running that isn't the current OS, then add up all of the discovered vulnerabilities in the following years and those are the holes you are running with. e.g. a 2015 OS has 540+ holes Apple will -never- fix. So patching spectre and meltdown isn't throwing anyone a bone.
https://www.cvedetails.com/product/15556/Apple-Iphone-Os.html?vendor_id=49

Cisco is not a perfect company but their EOL policy is transparent and certainly works better than Apples. They could learn something from them.
https://www.cisco.com/c/en/us/products/eos-eol-policy.html

Asking Apple to do better is not picking on them, I'm a very concerned customer. I had to dump a fully functional Mac mini because Apple stopped producing patches. That latest iMessage crash bug, not fixed in Sierra. I now have a new mac.

---

One last thing, I joined in October because of precisely this issue. I want to raise awareness so that Apple improves their response, not continue with it's current fog of a policy.
Score: 5 Votes (Like | Disagree)