Apple Updates macOS and iOS To Address Spectre Vulnerability

Days after Apple disclosed how it would be dealing with the Meltdown bug that affects modern computers, it's pushed out fixes for the Spectre exploit as well. From a report: iOS 11.2.2 includes "Security improvements to Safari and WebKit to mitigate the effects of Spectre," the company writes on its support page, while the macOS High Sierra 10.13.2 Supplemental Update does the same for your Mac laptop or desktop. Installing this update on your Mac will also update Safari to version 11.0.2.

Updated (after Firefox)

[cerberusss]

Decently quick update to Safari and the OS from Apple. However Firefox had already updated. Loving it more and more :)

Re:Great

It's hard to imagine this extra cpu 'housekeeping' will improve battery life.

Support older hardware / operating systems!!

Apple - the world's richest tech hardware company - has accumulated their mountain of cash in part by a pattern of (plausibly) unscrupulously pushing customers to upgrade hardware.

It's about time they acknowledged their role in this by actually supplying fixes for these vulnerabilities across the entire fleet and field of devices and operating systems. I want an update for iOS 3 and System 8.6!

Re:Support older hardware / operating systems!!

[Hal_Porter]

I'd like an update for Yosemite. However I'm very unlikely to get one.

Re:Support older hardware / operating systems!!

[Chaset]

A joke, for sure, since System 9 and lower only had partial/half-assed memory protection (if you could call it that, and only for PowerPC code. 68k systems had none, IIRC).
However, it would be an interesting academic exercise to see whether PowerPC 603/604/750 have the same issues and to what extent.

Re:Support older hardware / operating systems!!

I'm not sure this is really a joke. I recently (less than a month ago) updated from 10.7 to 10.11 at work. Looks like I'm outtalucko unless someone wants to spend a fuckton of time to deal with the problems that come with Yet Another Mac OS version (we have a mix of 10.11 and 10.6 machines, the 10.6 ones being particularly hard to upgrade). Every single Mac OS X upgrade has broken something, somewhere. Sometimes it's a big deal, sometimes it's not, but I'm not feeling lucky. (Also, the general quality of the OS keeps going down with each new release.)

This problem wouldn't exist if we could run a modern OS (e.g. Ubuntu), but we have legacy requirements that make it so that Mac OS X and MS Windows are the only possible options that we'll ever be able to use at this company. The legacy requirement isn't going to be modernized; nobody has time for doing that.

Re:Support older hardware / operating systems!!

[tlhIngan]

A joke, for sure, since System 9 and lower only had partial/half-assed memory protection (if you could call it that, and only for PowerPC code. 68k systems had none, IIRC).
However, it would be an interesting academic exercise to see whether PowerPC 603/604/750 have the same issues and to what extent.

68K didn't use memory protection, PowerPC used only just enough to get it to work.

In theory I believe the later PowerPCs did do OOO execution with branch preduction, but the early ones did not. It was deemed not necessary since it was a RISC processor and the instructions were very simple to not need such sophisticated techniques. Then we realized superscalar lets us do more than one instruction per clock and achieve even higher speeds.

Interestingly, Apple claims its Axx processors are also susceptible to Meltdown attacks - not just Intel. Though they're not fixing it via page table isolation (which their old 32-bit processors had - darwin was a 4G/4G system and the kernel always had its own memory map on 32-bit). Since Apple controls the whole stack, they're fixing Safari/Webkit to block that kind of javascript attack

Re:Support older hardware / operating systems!!

[drinkypoo]

However, it would be an interesting academic exercise to see whether PowerPC 603/604/750 have the same issues and to what extent.

PPC is OoO, so it sure could. If I had to bet, though, I'd bet that IBM and Motorola together did it the correct way. Let's hope so, because Apple ain't updating 10.5 any more.

Re:Support older hardware / operating systems!!

[BancBoy]

According to the TenFourFox blog about PowerPC vulnerability to Spectre and Meltdown. PowerPC is immune to Meltdown. G5 is vulnerable to Spectre but G3 and G4 may have some resistance.

Re:Support older hardware / operating systems!!

68K didn't use memory protection

SOMEONE IS WRONG ON THE INTERNET! I NEED TO FIX THIS!

That's like saying x86 doesn't use memory protection. 68030 and later has MMU (and it could be added to the 68020 with a separate MMU chip). Memory protection was a function of the OS, not the hardware. By the 1990s, everyone's hardware had the ability (just like MSDOS users with 80386 had the hardware, but not the software).

The most popular OSes for 68K didn't use memory protection, but some did.

Re:Support older hardware / operating systems!!

[anarkhos]

El Cap broke a lot of drivers including most verizon phones/mifi devices. Some apps like CS1 won't work, either.

Wonder if this one will brick AMD boxes too...

Bye-bye Hackintoshes?

So no fix for macOS 10.12?

I'm stuck since I am on VMWare Fusion 8.5 which doesn't support High Sierra. I'm not willing to roll the dice and upgrade if it could break my ability to get work done, and my company is tight on the budget.

Re:Great

Does it also fix the fast battery draining they so kindly introduced with 11.0 and didn't fix in 11.0.1?

It's stupid having a mobile device that could _literally_ lose 10% of it's batery life by just sitting 15 minutes on a desk, check my phone, 95% battery, check it again 15 minutes later 85%, what da fuck just happened?

Re:Great

It's hard to imagine this extra cpu 'housekeeping' will improve battery life.

*shrug* what's a few electrons in the balance?

[SARCASM]
I'd /much/ rather give those CPU cycles and 37 seconds of battery life to someone who exploited my device.
[/SARCASM]

The cat & mouse game rages on....... :)

Here's one for the fanbois:

[hey!]

Apple's Spectre patches won't be bricking any AMD computers.

Re:Here's one for the fanbois:

Really? I wouldn't put it past them.

Re:Here's one for the fanbois:

Really? I wouldn't put it past them.

Seeing as how Apple doesn't *make* any AMD-based computers, the odds are pretty good that they won't brick any.

*Hackintoshes do not count.

Power consumption tips and tricks

[WillAffleckUW]

You forgot to change the default settings for your apps. You can do the following:

1. For podcasts they default to checking and downloading every hour. Yes, every hour. Reset these to Every Day, or for weekly podcasts, Every Week. For podcasts that post during the day, consider Every 6 Hours. Each time it checks it will connect, search, and download.

2. Turn off apps you don't want running when you have Wireless or Cell service. A lot of times you only want one of these.

3. Turn off Sync for almost anything. The only exception tends to be Calendar.

4. Turn off Bluetooth if you're not using it.

5. Always turn things off in Settings. Never use the pull down pull up menus to turn things off. That will only turn things off for one hour.

6. Every patch, Apple resets everything. Go check again, they probably turned them on. They just turned on my Ring on Notification even after I had turned it off, once the patch was installed. Yes, it's a royal pain.

Re:Power consumption tips and tricks

A. Thanks. This is probably helpful to someone.

B. Default behavior with bluetooth on and a lot of apps dinging internet all over the place used to get me about 1.5 days on a charge. After 11.0/11.0.1 I get 11 hours. A slow/weak charger cannot even keep up with the drain, such that trying to charge it overnight with no interaction with the phone results in a dead battery. Apple pooched it on this release.

Re:Power consumption tips and tricks

[WillAffleckUW]

Valid points. But this patch was never about better battery performance, it was about the pre-arranged security holes that had become known outside of the mil int reservations and weaponized.

By that measure, the patch is a good solution. But Apple should address the issues you raise.

Only an update for High Sierra?

Not seeing a macOS patch available for El Capitan or Sierra. (10.11, 10.12).

Re:Great

No, it just fixes the Spectre security bug.

Any other questions?

32 bit iOS devices not supported

Cannot upgrade to iOS 11, but devices otherwise just fine. Is it really fine to leave those unpatched?

stop "helping" me and making things work

[supernova87a]

This is outrageous that Apple is rolling out some software update to "help" our processors function better without asking us! I demand to be asked whether I want this software fix to be implemented, because it makes my processor work slower! I want to do this myself. Apple sucks and don't get me started on batteries.

Re:stop "helping" me and making things work

Check your benchmarks. Many are actually seeing IMPROVED results after this update. Seriously.

Only for High Sierra?

Is there no fix for Sierra or earlier?
Or is this another eff U from Apple?

Better than Microsoft!

[Ecuador]

See? Apple delivered the update without bricking* any AMD CPUs! That's how you do it!

*the term is used here very loosely.

Re:Better than Microsoft!

What about those running a Hackintosh with an AMD processor?

Re:Better than Microsoft!

They do not deserve support, as they are violating the EULA.

Re:Better than Microsoft!

They are used to things not working.

Re:Better than Microsoft!

[cfalcon]

Given how generally impossible it is to run a Hackintosh with an AMD CPU, I imagine those folks will just issue more patches to their stack of stuff required to get OS X up and running on AMD. I really feel that AMD Hackintosh users are a trivial minority of Hackintosh users, who are in turn a trivial minority of OS X users, who are in turn a reasonable minority of desktop/server/lappie users.

Basically, they'll do what they have always done to get OS X to run on AMD: hack at it awhile and hopefully beat something into shape.

Re:Better than Microsoft!

You might want to check and see if you can log in as root with no password. Just in case. Because; you know... apple.

Re:Better than Microsoft!

the side effects leveraged by spectre should be specific to the hardware platform anyway. it'd probably mess up their attacks to be running on such an unexpected hardware configuration.

one advantage to being a hack is that you're not a generic target.

Re:Better than Microsoft!

The term is used incorrectly, not loosely.

Re:Better than Microsoft!

[gordguide]

If you set a root user/password that exploit doesn't work and never did. Any /.'er who failed that step should probably cancel their account here. Seriously.

Re:Better than Microsoft!

[thegarbz]

See? Apple delivered the update without bricking* any AMD CPUs! That's how you do it!

Have you tested it on any AMD CPUs?

Why not move to High Sierra?

[SuperKendall]

El Capitan, possibly we'll see a patch for that - may not be possible though as it might rely on other work done in 10.12.

However it does not matter if there's no patch for Sierra, as the system specs for Sierra are tree same as High Sierra. There you patch is to upgrade to High Sierra - if you think this issue is serious.

Re:Why not move to High Sierra?

Unless, like me, you can't update because you can't shell out for VMWare Fusion 10 and you're stuck on 8.5.

Re:Why not move to High Sierra?

Hey honey, I can’t come to bed yet because someone on the Internet spelled something wrong.

Re: Why not move to High Sierra?

Never heard of Pirate Bay? Or you'd rather give Dell/emc more money. Good on you sir.

Re: Why not move to High Sierra?

Because High Sierra fucked up SMB when communicating to network shares; and mapping via CIFS is uber slow!

AVOID High Sierra if you depend on mapped shares over a LAN!

Re:Why not move to High Sierra?

[CanadianMacFan]

Because there's nothing on the latest versions of macOS and iOS worth updating for at least for me. So if I do install them I'll just have slower systems due to the extra bloat and apps from Apple that don't work as well.

I'm avoiding moving onto iTunes 12.7 because they took out the apps in an incredibly stupid move. I have iOS apps installed on my iPhone and iPad so I'll be downloading the app twice instead of once to my Mac and syncing it to my devices. So there's no way I'm going to High Sierra while iTunes is so fucked.

And the Music app keeps getting more screwed up with each release. I haven't played around with iOS 11 but iOS keeps getting worse. 9 to 10 was terrible for handling notifications on the lock screen. They added a step or two in order to mark a reminder as completed. Just a bunch of little things like that which make the experience worse and I hate to see what they've done in 11. But since there's nothing that they've added that interests me all that it will do is slow down my devices.

I'd love for them to just put a patch out for Sierra and iOS 10.

Re:Why not move to High Sierra?

[SuperKendall]

Because there's nothing on the latest versions of macOS and iOS worth updating for at least for me. So if I do install them I'll just have slower systems due to the extra bloat

High Sierra is great because it's one of the optimization releases, it's been faster on the hardware I've installed It on. I can understand not installing it right away, I waited for the .1 release myself. but at .2 it's defiantly stable and of course it patches this extremely publicized flaw.

I have iOS apps installed on my iPhone and iPad so I'll be downloading the app twice instead of once

There's a good reason they did that though, because now they download apps with everything stripped out that is not useful for that device. So the apps you get are smaller individually than if you downloaded them to iTunes first and transferred them to the device, and take up less space on the device.

Re:Why not move to High Sierra?

[SuperKendall]

I see what you are saying, but if you are using a VMWare version that old why not just move to VirtualBox? It's free and since it's under development all the time, may well exceed the abilities of your older VMWare at this point.

Re:Why not move to High Sierra?

[antdude]

Because old Macs can't run Sierras? Also, High Sierra is still buggy for being new.

Re:Why not move to High Sierra?

[CanadianMacFan]

So the apps you get are smaller individually than if you downloaded them to iTunes first and transferred them to the device, and take up less space on the device.

But each device specific app that I download would not be smaller than half of the app I download in iTunes so I'm still pulling down more bytes. Plus I still have to actually go to both devices and do something to start the update process. Right now I just update the apps in iTunes and the next time I connect the device to charge it gets backed and any new apps, podcasts, and music gets put on it.

The system works very well for me and may not for others. But this is just a continuation from Apple of forcing people to work in the one workflow that they want people to work in. They've been doing it with their interface. They've been doing it with the bigger phones because nobody wants to use a phone one-handed anymore! /sarcasm When Steve Jobs was around there were a number of ways you could do your tasks and they were simple. That methodology has gone away from the products and they aren't as nice to use because of it.

I used to use Apple products because I really liked using them. Now I use them because I haven't found anything better out there. I think that there are a lot of people to think like I do and if a company does come along that makes products that are fun to use again then Apple is in trouble.

Re: Why not move to High Sierra?

Proper grammar and punctuation are important. The only people that do not value them are the Americans. That's why you have generations of illiterate people. You don't know how to make yourselves understood. We are not living in the middle ages, learn to spell. If it's not hard for me, a non-English native, it's not hard for you either.

Re:Why not move to High Sierra?

[anarkhos]

Dude, I'm stuck on Yosemite due to lack of El Cap drivers

does it mean

[zlives]

that installing this update will make my OS and any apps on it unable to exploit the Specter vulnerability? or just that safari and webkit is mitigated

Re:does it mean

Spectre allows a process to view the memory of itself. It's not an issue the OS can really worry about, each application that attempts to run code in a way that it itself sandboxes would have to address this individually. Every application that does this, such as browsers, would have to make some manner of update. Spectre is not that interesting and nowhere near as silly as Meltdown. Spectre is a result of idiotic assumptions made by application developers: Meltdown is a result of normal assumptions being made by kernel developers, with Intel failing them.

Re:does it mean

[110010001000]

Why does it matter? Meldown is the one you should be concerned about. It is an Intel only bug and can only be fixed by replacing the CPU.

Re:does it mean

[zlives]

looks like Apple, MS and others are saying it can be mitigated by patches. so the issue remains with Specter as far as i know.

Re:does it mean

[zlives]

" Spectre is not that interesting and nowhere near as silly as Meltdown" currently... i agree. though if some one can exploit it further and weaponize/make it available the issues would be much more severe.
it seems that the scope is pretty minimal except we don't know the full story yet.

build 11604.4.7.1.6 & 12604.4.7.1.6

Installing this update on your Mac will also update Safari to version 11.0.2.

In case anyone is confused, Safari11.0.2 came out back in December.

What was released today are builds 11604.4.7.1.6 (El Capitan) and 12604.4.7.1.6 (Sierra) plus whatever comes with the High Sierra update.

About the security content of Safari 11.0.2

So just because you are already at 11.0.2, that doesn't mean you are already up to date.

Re: Great

Yeah. Will they fix it in 11.0.2?

Oh really

[SuperKendall]

There is not such phrase as "tree same".

Tell that to autocorrect.

Moron

No, I simply do not waste my time editing or proofreading anything when I know people of the lowest moral fiber - i.e. grammar nazis - will be critiquing.

Re: Great

[ruir]

10.3 is full of nasty bugs. Between a rock and a hard place...

Re: Great

That's why I stayed on 10.2.1.

A foolish move

[Provocateur]

Is Apple saying That's okay, Intel, we got your back and let the giant go with a pat on the derriere?

Re:Great

Of course not, it works as designed. Don't you get the kind hint from Apple that your device is too old and you must buy a new one?

Not good

We don't want slower MacOS. We want a new CPU in my computer, Apple, hear this.