Skip to main content

Apple protects MacOS Sierra, El Capitan from Meltdown, lists Google bugs

Apple recently distributed updates for its Mac-based devices across three specific versions of MacOS: High Sierra (10.13), Sierra (10.12), and El Capitan (10.11). The updates for the two older MacOS versions specifically address CVE-2017-5754, otherwise known as Meltdown, which is a security issue recently discovered in Intel-based processors. The most recent update to High Sierra (10.13.3) does not address the Meltdown issue.

As previously reported, Meltdown is one of two issues discovered in all modern x86-based processors from Intel and AMD, and ARM-based mobile processors manufactured by Qualcomm, Samsung, and more. Part of a CPU’s “speed” stems from its “thinking ahead” while processing multiple tasks. These predictions are based on data CPUs store in local memory, but Google Project Zero researchers found a way to access that information.  

Recommended Videos

For example, if the system memory were a bank vault, hackers could slip in using a CPU’s key. In a Meltdown attack, hackers can break down the wall that separates each deposit box in the memory vault. After that, they can use a program to access all that information, even data used by the operating system. 

Given this is a hardware issue, all processor companies are frantically working to patch this crack in the design foundation. Meltdown is the easiest to patch through updates to motherboards, operating systems, and software drivers. Spectre, listed as CVE-2017-5753 and CVE-2017-5715, is harder to exploit, but harder to fix as well. This attack breaks down the wall separating programs too, but instead tricks these “error-free” programs into releasing their data. Apple addressed Spectre with its 10.13.2 supplemental update for High Sierra.

The Meltdown patch for MacOS 10.12 Sierra and MacOS 10.11 El Capitan arrives after Intel requested that manufacturers halt in distributing Meltdown updates. The company acknowledged an unusually high number of system reboots stemming from the updates, and currently has a new fix in the works for fourth- and fifth-generation Intel processors. The reboot issue remains unaddressed for all other Intel-based CPUs. 

What is interesting about Apple’s trio of updates outside the Meltdown fix is that the company mentions Google Project Zero researcher Jann Horn three times, who is one of the individuals responsible for discovering the Meltdown and Spectre issues. Apple ties Horn to the Meltdown patch for Sierra and El Capitan but also references Horn to a pair of security issues patched in High Sierra: CVE-2018-4090 and CVE-2018-4093. 

A search in the Common Vulnerabilities and Exposures database shows both security issues are listed as “reserved.” That means the problems have yet to be officially announced but are fixed nonetheless despite a lack of public disclosure. The same holds true for CVE-2018-4082 patched in all three versions of MacOS: a “reserved” security issue discovered by Russ Cox at Google. 

In addition to all the kernel-based issues, Apple fixed a problem in High Sierra and Sierra related to audio, which allowed hackers to execute malicious code using an audio file. The company also addressed a memory corruption issue that enabled an application to execute arbitrary code using “deep” operating system privileges. 

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Apple could launch a Frankenstein iPad Pro that runs macOS
ipad pro 2021.

People have been complaining for years that Apple should just merge its mobile and desktop operating systems, and they might finally see their wish come true -- sort of. That’s because a new rumor claims Apple is working on bringing macOS to the M2 iPad Pro, but it could be nothing more than a tall tale.

The rumor comes from leaker Majin Bu on Twitter, who claims their sources have told them Apple is working on a “smaller” version of macOS that would be exclusively for the M2 iPad Pro, which Apple has only just released.

Read more
6 key MacOS Ventura features Apple didn’t tell you about
Apple's Craig Federighi introducing macOS Ventura at WWDC 2022.

Apple’s Worldwide Developers Conference (WWDC) keynote was overflowing with new features, apps, and devices. With so much info to cram into two hours, it was inevitable that Apple would leave some juicy bits out of the presentation.

But not to worry -- we’ve scoured our Macs to find all the best MacOS Ventura features that Apple just didn’t have time to talk about. Here’s everything you might have missed.
Continuity camera and QuickTime

Read more
4 annoying MacOS problems Apple needs to fix at WWDC
Apple logo on screen in front of group of people.

MacOS Monterey is pretty dang impressive as far as operating systems go. It’s fast, looks gorgeous, and is packed with great features that make it fun and easy to use. But despite all that, there are still many things that make it a real pain at times.

Yet there’s reason to be hopeful. That’s because we are rapidly approaching Apple’s Worldwide Developers Conference (WWDC), which kicks off on Monday, June 6. WWDC is Apple’s annual software extravaganza, where the company showcases all the latest ideas it has for upgrading MacOS, iOS, and its other software platforms.

Read more