Apple Releases Meltdown and Spectre Fixes For Older Versions of MacOS

An anonymous reader quotes a report from Neowin: Apple released its round of bug fix/security updates -- including iOS 11.2.5, macOS 10.13.3 High Sierra, watchOS 4.2.2, and tvOS 11.2.5 -- today. In doing so, it also offered some security updates for Macs running older versions of its OS, including OS X 10.11 El Capitan and macOS 10.12 Sierra. The security updates mainly focus on the Meltdown and Spectre vulnerabilities, which were fixed for High Sierra users a couple of weeks ago. OS X 10.11.6 El Capitan got the smallest update, including fixes for IOHIDFamily, Kernel, QuartzCore, and Wi-Fi. As for the Sierra update, it's available for machines that are running macOS 10.12.6. It includes the above fixes, but it also includes improvements for Audio, LinkPresentation, Security, and there's an additional Kernel fix.

No risk of higher spurious reboot rates?

[ls671]

No risk of higher spurious reboots rates?

How did Apple pull this one off?

Intel Urges OEMs and End Users To Stop Deploying Spectre Patch As It May 'Introduce Higher Than Expected Reboots

https://it.slashdot.org/story/...

Re:No risk of higher spurious reboot rates?

[hcs_$reboot]

The microcode is from Intel, but there are other ways to fight these vulnerabilities.

Re:No risk of higher spurious reboot rates?

[ls671]

I believe you hcs_$reboot, I am sure you know everything about reboots!

Fix all the way back...

[pubwvj]

Apple, Microsoft, Intel & friends should be fixing for all systems all the way back. There are still a large number of people using Yosemite and earlier systems in the MacOS world. Lots of PCs out there running earlier versions of Windows. If this is such a big deal it should be handled broadly. How do you want your nuclear power plant to MeltDown? Realize it is running older hardware... Nasty.

Re:Fix all the way back...

[Hal_Porter]

It tells you a lot about Apple's politics that they release an OS with a name that sounds like "Yo! Semite!" and then refuse to patch it.

Oy veh!

Standard practice

[93+Escort+Wagon]

Apple has been keeping the three most-recent versions of macOS / OS X patched for quite a few years now. What was actually a bit unusual was them releasing a partial patch for High Sierra without also posting patches for Sierra and El Capitan at the same time.

Regardless, I'm glad to see this since I'm (intentionally) still running El Capitan.

Older?

If by "older" you mean a 2 year old OS, then sure, it's old by all means.
But I guess this is an achievement for Apple.

Re:Older?

[PixetaledPikachu]

From what I've read, the newest version of OSX can be installed to Macs as old as 2010, and it's free too.
Which bring me to question:
I'm not a Mac user and I'm curious about the reason for Mac users on staying on older version of OSX, since the only thing that you have to spend on upgrading is time, and maybe the cost of internet bandwidth. As a comparison, one of the machines in my household is a 2010 Toshiba Satellite M300 (C2D, 4GB RAM, 240GB SSD), which currently runs eOS Loki, based on Ubuntu 16.04 LTS, and I'm looking forward to upgrade once 18.04 LTS-based eOS is released, if the machine can handle it (the SSD helps a lot). My second-hand X230, a 2012 model runs 17.10

Re:Older?

[Just+Some+Guy]

High Sierra runs fin on my 2011 MBP (16GB RAM, 1TB SSD). If it didn't, I'd upgrade this 6 year old boat anchor to get the newer OS, but it's had a pretty great run of it already.

Re:Older?

[angel'o'sphere]

The UI of OS X and macOS after 10.9 is just plain ugly.
That is why my Air stays on 10.9 and my 17" on 10.6.8

Why should I upgrade? The newer OSes have nothing my old ones lack.

Re:Older?

[drinkypoo]

The only mac I've got around is a PowerPC mac, which Apple abandoned while people were still using them to do work. On the down side, Apple abandoned it long ago, because they don't give one tenth of one shit about customers who aren't willing to keep forking out new money whether their old hardware was doing the job or not. On the up side, the only POWER/PowerPC processors vulnerable to MELTDOWN or SPECTRE are Power7 through Power9 processors. Sadly, they are vulnerable to both attacks, suggesting that IBM played the same kind of games with security as Intel.

Re:Older?

[Bert64]

Has anyone proven that the old PowerPC processors are not vulnerable, or has IBM only bothered checking the newer models?

Re:Older?

[drinkypoo]

Has anyone proven that the old PowerPC processors are not vulnerable, or has IBM only bothered checking the newer models?

There's probably still lots of the older ones in use (maybe not THIS old, but still, older than Power7) and if IBM didn't bother to check them, they might well be held liable later. IBM is pretty good about legal issues if nothing else, and will almost certainly have done their homework there.

Unlike Intel, IBM probably still understands their old designs.

Re:Older?

[Megane]

I'm now in a position where I may have to upgrade my daily driver (a Late-2011 17" model) from 10.9.

I got one of those cheap Chinese logic analyzers a few weeks ago. I don't want to run Saleae's software out of principle (even assuming they have a Mac version), since there is a FOSS replacement, but the FOSS replacement uses Qt, which doesn't want to support earlier than 10.10. It crashes shortly after launch. And I can't find any pre-compiled versions other than "latest", because of course there's no reason to keep around those stinky older versions! (raaaaaaaaage!)

The main reason I upgraded to 10.9 was because OpenGL got fixed such that a badly-behaving program couldn't crash the GPU. (that was Minecraft 1.6) And there are other OpenGL enhancements in 10.11 that I might want to have for a different game. So now I need to decide whether to go with 10.10 or 10.11. Also, it doesn't help that the 10.10 installer contains a since-expired certificate (which causes the install to fail with a misleading error), so you have to set your clock to 2014 before you install.

Re:Older?

[Maury+Markowitz]

> Each new version gets bigger and incrementally slower

I certainly haven't seen that. My machine's from 2013, and I haven't seen any sort of slowdown in spite of updating many times. Larger yes, but not slower. Quite the opposite, a few graphics-related tasks got faster, and there's Metal on the gaming side.

Re:Older?

[Kozar_The_Malignant]

I keep a Yosemite partition my MacBook Pro to run camera control software on my telescope. It won't run on El Cap and newer and newer versions of the camera control software dropped support for my perfectly good camera. Catch 22.

Re:Older?

[Dr.Who]

The latest version of Mac OSX 10.13 High Sierra is not compatible with versions of Microsoft Office in use at our house and my spouse's small business. For example, Microsoft Office 2011 for Mac OS is not supported or tested on Mac OSX High Sierra. Even versions of Microsoft Office 2016 prior to v15.34 are not compatible. So when/if we update Mac OSX, we will have to buy new versions of software AND perhaps deal with the O365 perpetual subscription mess. No, it is not feasible to migrate to Open Office because we have several large applications built on Excel Macros and Excel VBA.

Re:Older?

[drinkypoo]

POWER5 on the other hand might be as vulnerable as anything else. And the PowerPC G5 is a desktop version of POWER4.

Well, upon reflection, I do believe you are correct. Looks like they have promised further communication on this issue. That certainly suggests that older generations are affected.

So, I assume updates for older iOS's are coming

[sabbede]

next, right? Because not everybody buys a new phone every year or every other year.

Re:Of course they did

[Wootery]

guise

You realise Apple didn't design the vulnerable CPUs, right?

Re:Older? 32 bit support is fine

[ameline]

10.13 works fine with 32 bit apps and processes. I'm running 10.13.2, and Activity monitor shows MS word is a 32 bit App running fine. (MS Word 2011 v14.7.7)

Unless your company's running CarbonBlack

[whitroth]

In that case, do not install - your Mac will not boot to multuser mode.