Skip to main content

Apple protects MacOS Sierra, El Capitan from Meltdown, lists Google bugs


Apple recently distributed updates for its Mac-based devices across three specific versions of MacOS: High Sierra (10.13), Sierra (10.12), and El Capitan (10.11). The updates for the two older MacOS versions specifically address CVE-2017-5754, otherwise known as Meltdown, which is a security issue recently discovered in Intel-based processors. The most recent update to High Sierra (10.13.3) does not address the Meltdown issue.

As previously reported, Meltdown is one of two issues discovered in all modern x86-based processors from Intel and AMD, and ARM-based mobile processors manufactured by Qualcomm, Samsung, and more. Part of a CPU’s “speed” stems from its “thinking ahead” while processing multiple tasks. These predictions are based on data CPUs store in local memory, but Google Project Zero researchers found a way to access that information.  

For example, if the system memory were a bank vault, hackers could slip in using a CPU’s key. In a Meltdown attack, hackers can break down the wall that separates each deposit box in the memory vault. After that, they can use a program to access all that information, even data used by the operating system. 

Given this is a hardware issue, all processor companies are frantically working to patch this crack in the design foundation. Meltdown is the easiest to patch through updates to motherboards, operating systems, and software drivers. Spectre, listed as CVE-2017-5753 and CVE-2017-5715, is harder to exploit, but harder to fix as well. This attack breaks down the wall separating programs too, but instead tricks these “error-free” programs into releasing their data. Apple addressed Spectre with its 10.13.2 supplemental update for High Sierra.

The Meltdown patch for MacOS 10.12 Sierra and MacOS 10.11 El Capitan arrives after Intel requested that manufacturers halt in distributing Meltdown updates. The company acknowledged an unusually high number of system reboots stemming from the updates, and currently has a new fix in the works for fourth- and fifth-generation Intel processors. The reboot issue remains unaddressed for all other Intel-based CPUs. 

What is interesting about Apple’s trio of updates outside the Meltdown fix is that the company mentions Google Project Zero researcher Jann Horn three times, who is one of the individuals responsible for discovering the Meltdown and Spectre issues. Apple ties Horn to the Meltdown patch for Sierra and El Capitan but also references Horn to a pair of security issues patched in High Sierra: CVE-2018-4090 and CVE-2018-4093. 

A search in the Common Vulnerabilities and Exposures database shows both security issues are listed as “reserved.” That means the problems have yet to be officially announced but are fixed nonetheless despite a lack of public disclosure. The same holds true for CVE-2018-4082 patched in all three versions of MacOS: a “reserved” security issue discovered by Russ Cox at Google. 

In addition to all the kernel-based issues, Apple fixed a problem in High Sierra and Sierra related to audio, which allowed hackers to execute malicious code using an audio file. The company also addressed a memory corruption issue that enabled an application to execute arbitrary code using “deep” operating system privileges. 

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Everything Apple announced at WWDC 2021: iOS 15, MacOS Monterey, and more
Tim Cook Apple WWDC 2021

The Worldwide Developers Conference (WWDC) is one of the biggest events of the year for Apple developers, and this year's show is no different. Apple announced key updates across its entire ecosystem, with new releases for iOS on the iPhone, MacOS on the Mac, iPadOS for its line of tablets, WatchOS on Apple Watch, and so much more.

"We're excited to share our latest technologies with you and with the incredible community of millions of Apple developers around the world," Apple CEO Tim Cook said as he kicked off WWDC 2021 to an audience of developers represented by Memoji. "Your creativity and groundbreaking apps continue to deliver new and meaningful ways to enrich people's lives,"  "We've continued to look for ways to cultivate the next generation of developers, with an emphasis on those underrepresented in technology."

Read more
Apple’s MacOS Monterey brings the next big update for Macs
apple wwdc 2021 everything announced mac os montery2 copy

On stage at the WWDC 2021, Apple announced MacOS Monterey, the newest version of the Macintosh operating system for MacBooks, iMacs, and Mac Mini devices.

Available as a free update on the Apple App Store on most Macs later this fall, the release builds on the redesign introduced in 2020 with MacOS Big Sur. Last year's update was all about new visuals and support for the new M1 architecture, and this one adds some more productivity refinements to the overall MacOS experience.

Read more
How to downgrade from MacOS Catalina to Mojave
MacOS Catalina Hands-on | Macbook Pro

You installed Apple’s new MacOS Catalina on your Mac, but you might be having issues with the latest version. Unfortunately, you can’t simply revert to Mojave. The downgrade requires wiping your Mac’s primary drive and reinstalling MacOS Mojave using an external drive. If your Mac initially shipped with Mojave, however, you can skip the external drive instructions.

Note: These steps work just as well for switching from MacOS Big Sur back to Catalina. Just make sure to choose the right operating system (OS) version for what you want.

Read more