Apple Posts Support Doc Saying That They’re Affected By The Epic Intel CPU Vulnerability

Apple late yesterday posted a new support document covering Meltdown and Spectre which are the two CPU vulnerabilities that affect Intel and other CPUs. It confirms that if you are running iOS 11.2, macOS 10.13.2, and tvOS 11.2, you don’t have to worry about the Meltdown vulnerability because they fixed that when this issue wasn’t widely known. Additional fixes are coming to Safari in the near future to defend against the “Spectre” vulnerability.

Now those of you who noted that iOS and tvOS are on the list, and concluded that iPhone, iPads and Apple TV’s are affected by this issue. Good catch.

Now one thing that isn’t clear is if these vulnerabilities have been addressed in older versions of iOS and Mac. In the case of the Mac there were security updates for older versions of macOS released alongside macOS 10.13.2, so it’s possible fixes are already available for Sierra and El Capitan. But I would say that the safest thing to do is to update your Mac, or any of your Apple devices to the latest version of whatever OS they use to be safe.

UPDATE: I just found this document that says that these fixes are also in security updates for macOS Sierra and El Capitan. Specifically:

Kernel

Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6

Impact: An application may be able to read kernel memory

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology

UPDATE #2: Strangely, this document which this morning said Sierra and macOS Sierra and El Capitan has the fixes for this vulnerability (and I copied and pasted that in my first update) has since been altered to exclude these two operating systems. Thus it’s unclear if the fixes for this vulnerability are there for those two operating systems or not. On top of that, this document now references watchOS and the fact that it didn’t require any fixes.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: