Meltdown and Spectre Explained




  • Ben Greiner

    Apple released three updates today that are supposed to address the Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerability:

    1. macOS High Sierra 10.13.2 Supplemental Update
      For 10.13.2 (and only 10.13.2, doesn’t show up as an option for a 10.13.0 or 10.13.1 Mac)

    2. iOS 11.2.2
      I applied it to my phone and nothing blew up. 

    3. Safari 11.0.2 (11604. or 12604.
      For 10.11.6 and 10.12.6. Here’s the fun part: Apple originally released Safari 11.0.2 in December. They essentially just reissued it today with a new build number.

    Apple also updated this article, About speculative execution vulnerabilities in ARM-based and Intel CPUs. The second paragraph gives a wee bit of hope that fixes for Meltdown are coming for OSes other than 10.13.2:

    Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. To help defend against Spectre, Apple has released mitigations in iOS 11.2.2, the macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 for macOS Sierra and OS X El Capitan. Apple Watch is not affected by either Meltdown or Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, and tvOS.

  • Ben Greiner

    WED JAN 10, 2018 SUMMARY

    At this time Apple has only addressed Meltdown in:

    • macOS 10.13.2
    • iOS 11.2  
    • tvOS 11.2

    The Spectre vulnerability should be patched in:

    • Safari 11.0.2 (build 11604. for 10.11
    • Safari 11.0.2 (build 12604. for 10.12
    • Safari 11.0.2 (build 13604. or 13604. or check for macOS build number 17C205