Along with macOS High Sierra 10.13.3, Apple this morning released two new security updates that are designed to address the Meltdown and Spectre vulnerabilities on machines that continue to run macOS Sierra and OS X El Capitan.
As outlined in Apple’s security support document, Security Update 2018-001 available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 offers several mitigations for both Meltdown and Spectre, along with fixes for other security issues, and the updates should be installed immediately.
Together with last week’s update, this means the last three major revisions of macOS are now protected from the processor bugs.
I assume that should read “now protected”.
AFAIK there is no total protection against Spectre, only migitation.
Thom Holwerda,
I think it’s premature to say anyone is now protected from the processor bugs. For one thing, intel has publicly stated that it’s patches are faulty and recommended they not be installed at this point in time.
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identifie…
Also the code pattern used by spectre is relatively rare in C based kernels (and therefor easier to clean out), but I believe there could be potentially many variations on the spectre attack that will be more difficult to identify and mitigate.
One final point is that even if the kernel is fully protected, the spectre attack works across domains, so system daemons and other processes are potentially vulnerable even if the kernel itself is not.
Unfortunately there’s no quick fix for this class of attack, short of disabling speculative execution entirely.
Edited 2018-01-23 23:33 UTC
Initially it more than doubled my boot time and I thought here we go back to the bad old days of 30+ second boots, but an nvram reset has it booting a mere 4 seconds slower than preupdate. Even so, if linux can manage 7 seconds why do I have to wait 16 on my iMac?
Its very common that your bootup is slower first boot after a update but other then that the patch is only for Safari so that updating Safari would make your computer slower sounds very strange.. are you sure its not just placebo?
Edited 2018-01-24 08:18 UTC
High Sierra is slow by design. https://www.youtube.com/watch?v=Lr1rEdRgxVY
all unixes used C programming, but lately LINUX act so nervous, while that MICROSOFT still assuring users everything is fine in their end…besides…it has no effect on any BSD or FreeBSD so far…its older system code than newer alter fake UNIX aka LINUX BOX…
only way to make it work…the spectre bug has to latched on exe or windows system syscalls like svchosts …while unix can’t run exe or run win syscalls at all…so its recommended not update at all if using apple or bsd or even LINUX shouldn’t jump the gun when they forget who they are really….i am not sure its a UNIX os or some fake type linus created….its a mess to me…their code base is litter with bugs all the time…
Edited 2018-01-27 02:38 UTC