Apple Releases Meltdown and Spectre Fixes For Older Versions of MacOS

An anonymous reader quotes a report from Neowin: Apple released its round of bug fix/security updates -- including iOS 11.2.5, macOS 10.13.3 High Sierra, watchOS 4.2.2, and tvOS 11.2.5 -- today. In doing so, it also offered some security updates for Macs running older versions of its OS, including OS X 10.11 El Capitan and macOS 10.12 Sierra. The security updates mainly focus on the Meltdown and Spectre vulnerabilities, which were fixed for High Sierra users a couple of weeks ago. OS X 10.11.6 El Capitan got the smallest update, including fixes for IOHIDFamily, Kernel, QuartzCore, and Wi-Fi. As for the Sierra update, it's available for machines that are running macOS 10.12.6. It includes the above fixes, but it also includes improvements for Audio, LinkPresentation, Security, and there's an additional Kernel fix.

No risk of higher spurious reboot rates?

[ls671]

No risk of higher spurious reboots rates?

How did Apple pull this one off?

Intel Urges OEMs and End Users To Stop Deploying Spectre Patch As It May 'Introduce Higher Than Expected Reboots

https://it.slashdot.org/story/...

Re:No risk of higher spurious reboot rates?

[hcs_$reboot]

The microcode is from Intel, but there are other ways to fight these vulnerabilities.

Re:No risk of higher spurious reboot rates?

[ls671]

I believe you hcs_$reboot, I am sure you know everything about reboots!

Re:No risk of higher spurious reboot rates?

Also, why has by RHEL workstation been stable with the patches?

"Apple stops trusting Intel BS" - future headline

Those home-baked ARM's can't get taped and plated fast enough.

Fix all the way back...

[pubwvj]

Apple, Microsoft, Intel & friends should be fixing for all systems all the way back. There are still a large number of people using Yosemite and earlier systems in the MacOS world. Lots of PCs out there running earlier versions of Windows. If this is such a big deal it should be handled broadly. How do you want your nuclear power plant to MeltDown? Realize it is running older hardware... Nasty.

Re:Fix all the way back...

if you are on such an old version of the OS that it is out of support then obviously the machine isn't actually important enough to you anyway. The number of Windows users on XP and lower is pretty small nowadays and the same for Yosemite and earlier. Your assertion that it is a large number I think requires a citation!

Re:Fix all the way back...

[Hal_Porter]

It tells you a lot about Apple's politics that they release an OS with a name that sounds like "Yo! Semite!" and then refuse to patch it.

Oy veh!

Re:Fix all the way back...

So what you are saying is that Yosemite Sam is Jewish?

Standard practice

[93+Escort+Wagon]

Apple has been keeping the three most-recent versions of macOS / OS X patched for quite a few years now. What was actually a bit unusual was them releasing a partial patch for High Sierra without also posting patches for Sierra and El Capitan at the same time.

Regardless, I'm glad to see this since I'm (intentionally) still running El Capitan.

Older?

If by "older" you mean a 2 year old OS, then sure, it's old by all means.
But I guess this is an achievement for Apple.

Re:Older?

[PixetaledPikachu]

From what I've read, the newest version of OSX can be installed to Macs as old as 2010, and it's free too.
Which bring me to question:
I'm not a Mac user and I'm curious about the reason for Mac users on staying on older version of OSX, since the only thing that you have to spend on upgrading is time, and maybe the cost of internet bandwidth. As a comparison, one of the machines in my household is a 2010 Toshiba Satellite M300 (C2D, 4GB RAM, 240GB SSD), which currently runs eOS Loki, based on Ubuntu 16.04 LTS, and I'm looking forward to upgrade once 18.04 LTS-based eOS is released, if the machine can handle it (the SSD helps a lot). My second-hand X230, a 2012 model runs 17.10

Re:Older?

Performance can be a reason, for example my 2009 17" MacBook Pro which I use to type this can only be upgraded to El Capitan, which I did. But it took minutes to boot. So I got a SSD for it, which I would not be able to do in the newer Apple machines (all of the laptops at least). The laptop with an SSD is reasonably fast and can stream 720P at 30Hz quite well, but not higher resolutions of frequency.

I've not followed the underlying technological evolution of the OS in recent years but newer versions are usually tuned for the newer hardware and upgrading is not always an improvement in performance, especially on the older machines.

Re:Older?

[Just+Some+Guy]

High Sierra runs fin on my 2011 MBP (16GB RAM, 1TB SSD). If it didn't, I'd upgrade this 6 year old boat anchor to get the newer OS, but it's had a pretty great run of it already.

Re:Older?

I'm not a Mac user and I'm curious about the reason for Mac users on staying on older version of OSX

Let some other suckers be Apple's beta testers. macOS 10.13 has fscked up a lot of systems that it was supposed to run fine on. It may have worked well for a fair number of people, but the number of systems that have had problem have been way too high.

On top of that, there really isn't a whole lot in the new versions that screams "I must have that". Each new version gets bigger and incrementally slower. For those of us with old enough machines that upgrading the SSD (or even upgrading to an SSD) is an option, that only takes you so far. The only reason I've upgraded as far as I have is because the software I use has increasing minimum OS requirements. Were it not for that, I'd still be running 10.6, the pinnacle of OS X, IMO, before the bloat started to set in and the UI started to get too flat and grey.

Re: Older?

In my experience as a repair tech, it's almost always because some sort of paid software is incompatible with higher version releases. Of course, with Macs being cookie cutter, if you have one of them in this situation you just buy another one and keep on trucking.

I haven't seen on lately, but a few years ago audio producers were coming in with 10.7 macs.

Re:Older?

Bugs. I'm still running El Capitan because I don't trust the quality of Apple's new software. The recent snafu where one could log on to a High Sierra machine using the user name "root" with no password just reeks of lousy developers and no quality control.

Re:Older?

[angel'o'sphere]

The UI of OS X and macOS after 10.9 is just plain ugly.
That is why my Air stays on 10.9 and my 17" on 10.6.8

Why should I upgrade? The newer OSes have nothing my old ones lack.

Re:Older?

[drinkypoo]

The only mac I've got around is a PowerPC mac, which Apple abandoned while people were still using them to do work. On the down side, Apple abandoned it long ago, because they don't give one tenth of one shit about customers who aren't willing to keep forking out new money whether their old hardware was doing the job or not. On the up side, the only POWER/PowerPC processors vulnerable to MELTDOWN or SPECTRE are Power7 through Power9 processors. Sadly, they are vulnerable to both attacks, suggesting that IBM played the same kind of games with security as Intel.

Re:Older?

[Bert64]

Has anyone proven that the old PowerPC processors are not vulnerable, or has IBM only bothered checking the newer models?

Re:Older?

[drinkypoo]

Has anyone proven that the old PowerPC processors are not vulnerable, or has IBM only bothered checking the newer models?

There's probably still lots of the older ones in use (maybe not THIS old, but still, older than Power7) and if IBM didn't bother to check them, they might well be held liable later. IBM is pretty good about legal issues if nothing else, and will almost certainly have done their homework there.

Unlike Intel, IBM probably still understands their old designs.

Re:Older?

http://tenfourfox.blogspot.com/2018/01/actual-field-testing-of-spectre-on.html

Re:Older?

[Megane]

I'm now in a position where I may have to upgrade my daily driver (a Late-2011 17" model) from 10.9.

I got one of those cheap Chinese logic analyzers a few weeks ago. I don't want to run Saleae's software out of principle (even assuming they have a Mac version), since there is a FOSS replacement, but the FOSS replacement uses Qt, which doesn't want to support earlier than 10.10. It crashes shortly after launch. And I can't find any pre-compiled versions other than "latest", because of course there's no reason to keep around those stinky older versions! (raaaaaaaaage!)

The main reason I upgraded to 10.9 was because OpenGL got fixed such that a badly-behaving program couldn't crash the GPU. (that was Minecraft 1.6) And there are other OpenGL enhancements in 10.11 that I might want to have for a different game. So now I need to decide whether to go with 10.10 or 10.11. Also, it doesn't help that the 10.10 installer contains a since-expired certificate (which causes the install to fail with a misleading error), so you have to set your clock to 2014 before you install.

Re:Older?

[Maury+Markowitz]

> Each new version gets bigger and incrementally slower

I certainly haven't seen that. My machine's from 2013, and I haven't seen any sort of slowdown in spite of updating many times. Larger yes, but not slower. Quite the opposite, a few graphics-related tasks got faster, and there's Metal on the gaming side.

Re:Older?

For me, it's software support and the UI. The switch to packages vs. simple folders for media projects is a real pain, turning something that was seamlessly integrated into the UI into a mess of extra steps all so Apple can control how you interact with media (just give me the damn source files and I'll use them how I want to, thank you very much). I still have one computer at 10.5 (it can support up to 10.11 or 10.12) so I can run iMovie 4 (the easiest tool for mucking about with SD video). You lose a few things when you move to 10.6 and a few more past that (like PowerPC application support and most QuickTime Pro add-ons), up to 10.13 where you lose support for 32-bit applications (like any pre-ribbon versions of MS Office). Upgrading would destroy my workflow for simple tasks and require spending a lot of money on new versions of software, potentially getting me stuck in subscription hell. The downside is that web developers these days only support the latest and greatest in browser technologies, so some sites like Twitter won't work very well on OS versions that don't support current browsers. I'm not sure if that even counts as a negative.

Bottom line, only my newest Mac could even run 10.13, so I have no incentive to stay current. I'll need to upgrade something to 10.11 to run TurboTax, but nothing else seems to care that I'm running 10.10 or older. Might as well keep going with what works. I only recently updated my phone's OS because of poor application support, and I took a performance hit and lost a whole bunch of files for no apparent reason (not to mention the added security holes and the constant nagging to update something or other that the older version didn't do). That reminds me, 10.10 constantly nags too, with no option to just leave me alone (and every update renders the computer unable to boot up normally without multiple attempts to boot into safe mode). Best to stay at 10.6 or 10.8 if you have the option.

Re:Older?

[Kozar_The_Malignant]

I keep a Yosemite partition my MacBook Pro to run camera control software on my telescope. It won't run on El Cap and newer and newer versions of the camera control software dropped support for my perfectly good camera. Catch 22.

Re:Older?

The only mac I've got around is a PowerPC mac, which Apple abandoned while people were still using them to do work.

Yeah, I know what you mean... Apple quit supporting my Mac Plus eons ago. They treat their customers like trash, especially us folk who buy from them so often (like every decade or two).

Re:Older?

[Dr.Who]

The latest version of Mac OSX 10.13 High Sierra is not compatible with versions of Microsoft Office in use at our house and my spouse's small business. For example, Microsoft Office 2011 for Mac OS is not supported or tested on Mac OSX High Sierra. Even versions of Microsoft Office 2016 prior to v15.34 are not compatible. So when/if we update Mac OSX, we will have to buy new versions of software AND perhaps deal with the O365 perpetual subscription mess. No, it is not feasible to migrate to Open Office because we have several large applications built on Excel Macros and Excel VBA.

Re:Older?

POWER6 is in-order (this is quite different from the other ones) so it's immune to the faults!

POWER5 on the other hand might be as vulnerable as anything else. And the PowerPC G5 is a desktop version of POWER4.

Re:Older?

[drinkypoo]

POWER5 on the other hand might be as vulnerable as anything else. And the PowerPC G5 is a desktop version of POWER4.

Well, upon reflection, I do believe you are correct. Looks like they have promised further communication on this issue. That certainly suggests that older generations are affected.

Of course they did

It's well known that most fixes for these vulnerabilities decrease CPU performance. "We fixed your vulnerability, sorry your machine is running so so, please consider one of our new models"

Pure genius... Degrade older system performance under the guise of security.

Re:Of course they did

[Wootery]

guise

You realise Apple didn't design the vulnerable CPUs, right?

Did they also bring back..

the login in as root ( no password required ) bug too?

So, I assume updates for older iOS's are coming

[sabbede]

next, right? Because not everybody buys a new phone every year or every other year.

All the way back to 2015...

The only real difference in their newer major versions is more features and more bugs. They didn't patch any of their old OS really

Re:Older? 32 bit support is fine

[ameline]

10.13 works fine with 32 bit apps and processes. I'm running 10.13.2, and Activity monitor shows MS word is a 32 bit App running fine. (MS Word 2011 v14.7.7)

Unless your company's running CarbonBlack

[whitroth]

In that case, do not install - your Mac will not boot to multuser mode.