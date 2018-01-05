 
Safe Computing | 05 Jan 2018 | Print Printer-Friendly Version of This Article | Comment (2)

Apple Releases Information on Meltdown and Spectre

by Adam C. Engst Send Email to Author

The tech world has been abuzz with discussion of Meltdown and Spectre, massive “speculative execution” security vulnerabilities recently discovered in the CPUs used by nearly all modern computing devices, including the Intel CPUs used in Macs and the ARM-based CPUs in iOS devices. Ars Technica has a good explanation of the problem and overview of the response from different companies.

Apple has now posted a support note explaining the situation from the company’s perspective. In short, Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and claims that its changes resulted in no measurable reduction in performance. An upcoming release of Safari will mitigate the Spectre exploits with only a minimal performance impact. Apple says that the Apple Watch is unaffected by both Meltdown and Spectre.

That’s all good, but note the word “mitigate” in Apple’s note — the company isn’t saying “fix.” Spectre, in particular, is a subtle vulnerability, and we’ll likely be seeing additional protections worked into software over time.

In other words, staying up to date with the latest security fixes from Apple is becoming ever more important.

 

Comments about Apple Releases Information on Meltdown and Spectre

G. Douglas Eddy  2018-01-06 13:38
I hope they will have updates for those who haven't fallen off the cliff to High Sierra! There are lots of us out here who also need help!
Reply
Randy Spydell  An apple icon for a TidBITS Angel 2018-01-06 17:33
I agree with Mr. Eddy. This security vulnerability is potentially serious enough that patches should be out promptly for those of us who have not yet chosen to endure macOS 10.13.x. And, perhaps a significant discount might be offered to those of us who would be willing to trade in our old-chip-containing devices for new ones containing secure chips once they become available. I assume they *WILL* become available someday . . .
Reply
 