Skip to main content
  1. Home
  2. Computing
  3. Apple
  4. News

Apple protects MacOS Sierra, El Capitan from Meltdown, lists Google bugs

Add as a preferred source on Google

Apple recently distributed updates for its Mac-based devices across three specific versions of MacOS: High Sierra (10.13), Sierra (10.12), and El Capitan (10.11). The updates for the two older MacOS versions specifically address CVE-2017-5754, otherwise known as Meltdown, which is a security issue recently discovered in Intel-based processors. The most recent update to High Sierra (10.13.3) does not address the Meltdown issue.

As previously reported, Meltdown is one of two issues discovered in all modern x86-based processors from Intel and AMD, and ARM-based mobile processors manufactured by Qualcomm, Samsung, and more. Part of a CPU’s “speed” stems from its “thinking ahead” while processing multiple tasks. These predictions are based on data CPUs store in local memory, but Google Project Zero researchers found a way to access that information.  

Recommended Videos

For example, if the system memory were a bank vault, hackers could slip in using a CPU’s key. In a Meltdown attack, hackers can break down the wall that separates each deposit box in the memory vault. After that, they can use a program to access all that information, even data used by the operating system. 

Given this is a hardware issue, all processor companies are frantically working to patch this crack in the design foundation. Meltdown is the easiest to patch through updates to motherboards, operating systems, and software drivers. Spectre, listed as CVE-2017-5753 and CVE-2017-5715, is harder to exploit, but harder to fix as well. This attack breaks down the wall separating programs too, but instead tricks these “error-free” programs into releasing their data. Apple addressed Spectre with its 10.13.2 supplemental update for High Sierra.

The Meltdown patch for MacOS 10.12 Sierra and MacOS 10.11 El Capitan arrives after Intel requested that manufacturers halt in distributing Meltdown updates. The company acknowledged an unusually high number of system reboots stemming from the updates, and currently has a new fix in the works for fourth- and fifth-generation Intel processors. The reboot issue remains unaddressed for all other Intel-based CPUs. 

What is interesting about Apple’s trio of updates outside the Meltdown fix is that the company mentions Google Project Zero researcher Jann Horn three times, who is one of the individuals responsible for discovering the Meltdown and Spectre issues. Apple ties Horn to the Meltdown patch for Sierra and El Capitan but also references Horn to a pair of security issues patched in High Sierra: CVE-2018-4090 and CVE-2018-4093. 

A search in the Common Vulnerabilities and Exposures database shows both security issues are listed as “reserved.” That means the problems have yet to be officially announced but are fixed nonetheless despite a lack of public disclosure. The same holds true for CVE-2018-4082 patched in all three versions of MacOS: a “reserved” security issue discovered by Russ Cox at Google. 

In addition to all the kernel-based issues, Apple fixed a problem in High Sierra and Sierra related to audio, which allowed hackers to execute malicious code using an audio file. The company also addressed a memory corruption issue that enabled an application to execute arbitrary code using “deep” operating system privileges. 

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This new Mac malware won’t let you use your computer until you surrender your password
This Mac malware turns your own computer against you
AI Generated Image

A newly discovered strain of macOS malware is taking social engineering to an unsettling new level. Instead of exploiting a software vulnerability or silently stealing information in the background, it simply refuses to let you use your Mac until you type in your login password.

Dubbed ClickLock, the malware repeatedly shuts down key macOS processes, disables notifications, displays convincing Apple password prompts, and effectively traps users in a loop that only ends when the correct password is entered. Once that happens, it doesn't just steal the password. It goes after browser data, cryptocurrency wallets, saved credentials, password managers, and much more.

Read more
1Password lets Claude inside your accounts without handing over the keys
Claude can now sign in on your behalf while your password stays hidden, though trusting it after login is a separate decision
1Password official

1Password is giving Claude a way into your online accounts without making your passwords part of the bargain. The new 1Password for Claude integration can fill login details while keeping the credentials hidden from Anthropic’s AI agent.

Available now on Mac, the feature kicks in when Claude reaches a sign-in page during a task. Claude requests a saved login, then you approve or deny it. If approved, 1Password submits the credentials through a separate encrypted channel. Passwords and one-time codes never enter Claude’s context or Anthropic’s systems.

Read more
New open-weight AI from China is toppling the best of OpenAI and Claude Fable
Moonshot’s 2.8-trillion-parameter Kimi K3 beats Fable 5 and GPT 5.6 Sol in select benchmarks
Art, Drawing, Plant

China's Moonshot AI has launched Kimi K3, a massive 2.8-trillion-parameter model built for coding, research, reasoning, and visual tasks. Moonshot admits K3 still trails Claude Fable 5 and GPT 5.6 Sol overall. Even so, its benchmark results put it surprisingly close to both, and it finishes ahead in several tests.

How close is Kimi K3 to the best closed models?

Read more