Apple protects MacOS Sierra, El Capitan from Meltdown, lists Google bugs

Meltdown

Apple recently distributed updates for its Mac-based devices across three specific versions of MacOS: High Sierra (10.13), Sierra (10.12), and El Capitan (10.11). The updates for the two older MacOS versions specifically address CVE-2017-5754, otherwise known as Meltdown, which is a security issue recently discovered in Intel-based processors. The most recent update to High Sierra (10.13.3) does not address the Meltdown issue.

As previously reported, Meltdown is one of two issues discovered in all modern x86-based processors from Intel and AMD, and ARM-based mobile processors manufactured by Qualcomm, Samsung, and more. Part of a CPU’s “speed” stems from its “thinking ahead” while processing multiple tasks. These predictions are based on data CPUs store in local memory, but Google Project Zero researchers found a way to access that information.  

For example, if the system memory were a bank vault, hackers could slip in using a CPU’s key. In a Meltdown attack, hackers can break down the wall that separates each deposit box in the memory vault. After that, they can use a program to access all that information, even data used by the operating system. 

Given this is a hardware issue, all processor companies are frantically working to patch this crack in the design foundation. Meltdown is the easiest to patch through updates to motherboards, operating systems, and software drivers. Spectre, listed as CVE-2017-5753 and CVE-2017-5715, is harder to exploit, but harder to fix as well. This attack breaks down the wall separating programs too, but instead tricks these “error-free” programs into releasing their data. Apple addressed Spectre with its 10.13.2 supplemental update for High Sierra.

The Meltdown patch for MacOS 10.12 Sierra and MacOS 10.11 El Capitan arrives after Intel requested that manufacturers halt in distributing Meltdown updates. The company acknowledged an unusually high number of system reboots stemming from the updates, and currently has a new fix in the works for fourth- and fifth-generation Intel processors. The reboot issue remains unaddressed for all other Intel-based CPUs. 

What is interesting about Apple’s trio of updates outside the Meltdown fix is that the company mentions Google Project Zero researcher Jann Horn three times, who is one of the individuals responsible for discovering the Meltdown and Spectre issues. Apple ties Horn to the Meltdown patch for Sierra and El Capitan but also references Horn to a pair of security issues patched in High Sierra: CVE-2018-4090 and CVE-2018-4093. 

A search in the Common Vulnerabilities and Exposures database shows both security issues are listed as “reserved.” That means the problems have yet to be officially announced but are fixed nonetheless despite a lack of public disclosure. The same holds true for CVE-2018-4082 patched in all three versions of MacOS: a “reserved” security issue discovered by Russ Cox at Google. 

In addition to all the kernel-based issues, Apple fixed a problem in High Sierra and Sierra related to audio, which allowed hackers to execute malicious code using an audio file. The company also addressed a memory corruption issue that enabled an application to execute arbitrary code using “deep” operating system privileges. 

Computing

Running into MacBook restart issues? Try these tips and tricks to get it working again

It can be frustrating when your Apple MacBook keeps restarting, but this serious problem can be fixed! We'll go over the common causes for this issue, what you can do to fix them, and why it's okay to take your Mac to a pro!
Computing

Want Apple's super-slim MacBook Air? Here's what to know before you buy

Apple's new MacBook Air is now available for purchase starting at $1,199. If you want one, you'll want to know how to configure it, and if the Air is the right Mac for you. Our guide will help you make the right MacBook purchase.
Deals

Amazon cuts $299 off the 2017 Apple MacBook Pro 13, bringing it down to $1,000

If you want to own a new MacBook Pro without spending more than $1,000, check out Amazon's offer for the 13-inch 2017 Apple MacBook Pro. This $299 price cut brings the late-gen Apple notebook within your budget.
Deals

Amazon cuts $300 off the 15-inch 2019 Apple MacBook Pro with 512GB storage

Discounts on MacBooks are not easy to find. Check out this $300 deal if you are looking to save on the 512GB 2019 Apple MacBook. It brings our pick for the best photo editing laptop in 2019 to its best price on Amazon yet.
Computing

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement or an unwanted trip to your local repair shop.
Computing

Keep your laptop battery in tip-top condition with these handy tips

Learn how to care for your laptop's battery, how it works, and what you can do to make sure yours last for years and retains its charge. Check out our handy guide for valuable tips, no matter what type of laptop you have.
Deals

Now’s your chance to get the latest iPad Pro for $100 less on Amazon

The latest iPad Pro has always been our favorite since its release last year, and we even tagged it as the best tablet ever. Don’t miss out on Amazon’s discount on the 12-inch 256GB Wi-Fi model and get yours today for $1,049.
Computing

From Chromebooks to MacBooks, here are the best laptop deals for August 2019

Whether you need a new laptop for school or work, we have you covered. We've put together a list of the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Deals

Amazon cuts $52 off this Samsung Galaxy 10.1-inch tablet for the whole family

Normally priced at $330, you can grab the Samsung Galaxy Tab A 10.1-inch 128GB Wi-Fi tablet now for only $278 and enjoy $52 savings. On top of that, Amazon is offering an extra $28 discount when you apply for a coupon during checkout.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Computing

Tired of your Mac freezing? Try these tips to fix your Mac

A Mac that keeps freezing can be an incredibly annoying thing to deal with, but fixing it doesn’t have to be a pain. There are six main things you should try, which we got through in this guide to help you fix the issue once and for all.
Computing

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.
Computing

1.5% of Chrome users’ passwords are known to be compromised, according to Google

In February, a new feature was introduced to the Google Chrome browser which checks whether users' passwords are secure. Now, Google has released eye-opening stats gathered from Password Checkup.
Computing

Latest Windows 10 update is causing random reboots and can break Visual Basic

The latest update for Windows 10, made available on Tuesday this week, includes patches against two critical vulnerabilities. But it is causing a string of issues including random reboots and failure to install.