Skip to main content
X

Send us a Topic or Tip

Have a suggestion for the blog? Perhaps a topic you'd like us to write about? If so, we'd love to hear from you! Fancy yourself a writer and have a tech tip, handy computer trick, or "how to" to share? Let us know what you'd like to contribute!

Thanks for reaching out!

Everything You Need to Know About CPU Vulnerabilities, Meltdown and Spectre

[Update 01/08: Apple releases new security update to protect Safari against the Spectre attack]

In case you have missed recent media reports, a security vulnerability in Intel and other tech companies’ CPUs has been discovered that affects nearly every major platform.

Named Meltdown and Spectre, the security vulnerabilities allow programs to steal data, which is currently processed on the computer. As MacRumors has reported, the companies involved have began to make statements about the issue.

For those concerned about how the vulnerability might affect them, spectreattack.com has put together a Q&A with extensive information about the bug including which systems are affected and what can be done, as well as more technical information about Meltdown and Spectre.

Below is a summary of each bug via spectreattack.com:

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. 

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.


Further Reading:

OWC Newsfeed
the authorOWC Newsfeed
The OWC Newsfeed provides the latest OWC, MacSales.com, Rocket Yard, and industry news, information, and announcements for your reading pleasure and shareability!
Be Sociable, Share This Post!

Leave a Reply

12 Comments

    • Holy Moly, R! Thanks for posting this. I would not have thought to re-check that page and would have mistakenly believed that all was well with the world. This is terrible news, as I am on a mission-critical system and am not certain that an upgrade to High Sierra is safe for all the software that I use.

    • No they do not. Read it more carefully: Meltdown is mentioned only in respect to the 10.13.1 update. A number of other security fixes are mentioned, but this is the only one that mentions Meltdown.

  • So, I am running a MacPro4,1 and am wondering how I protect myself since I am unable to update to Sierra or High Sierra?

    • Your Mac Pro Early 2009 supports running OS X 10.11.6. El Capitan received the patch for this vulnerability in early Dec 2017. Make sure that your OS the most current and that all security updates have been applied.

  • Apple reported that it patched High Sierra with the 10.13.2 update. But what about macOS 10.12 and 10.11? I’ve seen no mention of patches for them.

    • The issue was patched in 2017-005 El Capitan and 2017-002 Sierra updates on Dec 6, 2017.

    • I have not noticed any impact on performance on my Mid 2010 MBP running macOS 10.12.6.