TidBITS: Apple Releases Information on Meltdown and Spectre

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

TidBITS: Apple Releases Information on Meltdown and Spectre

TidBITS Articles
Apple Releases Information on Meltdown and Spectre

This article was just published by TidBITS and sent to you at your request.

Apple Releases Information on Meltdown and Spectre

By Adam C. Engst
http://tidbits.com/article/17712

The tech world has been abuzz with discussion of Meltdown and Spectre, massive “speculative execution” security vulnerabilities recently discovered in the CPUs used by nearly all modern computing devices, including the Intel CPUs used in Macs and the ARM-based CPUs in iOS devices. Ars Technica has a good explanation of the problem and overview of the response from different companies.

Apple has now posted a support note explaining the situation from the company’s perspective. In short, Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and claims that its changes resulted in no measurable reduction in performance. An upcoming release of Safari will mitigate the Spectre exploits with only a minimal performance impact. Apple says that the Apple Watch is unaffected by both Meltdown and Spectre.

That’s all good, but note the word “mitigate” in Apple’s note — the company isn’t saying “fix.” Spectre, in particular, is a subtle vulnerability, and we’ll likely be seeing additional protections worked into software over time.

In other words, staying up to date with the latest security fixes from Apple is becoming ever more important.

Post a comment

TidBITS members can unsubscribe from just-published articles at http://tidbits.com/subscriptions. TidBITS Talk readers will need to create a filter to delete these articles.

Article copyright © 2018 By Adam C. Engst . Reuse governed by Creative Commons License.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: TidBITS: Apple Releases Information on Meltdown and Spectre

John Burt
The question is, will they provide fixes for earlier OS versions if necessary. Or are earlier devices not susceptible to the problems. Two of my devices won't update past iOS 9.3.x.

On Fri, Jan 5, 2018 at 5:36 PM, TidBITS Articles <[hidden email]> wrote:

This article was just published by TidBITS and sent to you at your request.

Apple Releases Information on Meltdown and Spectre

By Adam C. Engst
http://tidbits.com/article/17712

The tech world has been abuzz with discussion of Meltdown and Spectre, massive “speculative execution” security vulnerabilities recently discovered in the CPUs used by nearly all modern computing devices, including the Intel CPUs used in Macs and the ARM-based CPUs in iOS devices. Ars Technica has a good explanation of the problem and overview of the response from different companies.

Apple has now posted a support note explaining the situation from the company’s perspective. In short, Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and claims that its changes resulted in no measurable reduction in performance. An upcoming release of Safari will mitigate the Spectre exploits with only a minimal performance impact. Apple says that the Apple Watch is unaffected by both Meltdown and Spectre.

That’s all good, but note the word “mitigate” in Apple’s note — the company isn’t saying “fix.” Spectre, in particular, is a subtle vulnerability, and we’ll likely be seeing additional protections worked into software over time.

In other words, staying up to date with the latest security fixes from Apple is becoming ever more important.

Post a comment

TidBITS members can unsubscribe from just-published articles at http://tidbits.com/subscriptions. TidBITS Talk readers will need to create a filter to delete these articles.

Article copyright © 2018 By Adam C. Engst . Reuse governed by Creative Commons License.




--
John



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: TidBITS: Apple Releases Information on Meltdown and Spectre

Al Varnell
Earlier devices are most definitely vulnerable. Although I don't believe anybody has compiled a complete list, it goes back many years.

Apple informed a colleague that they aren't prepared to announce plans to update earlier macOSs at this time. No surprise there.

I doubt that there will be any attempt to update earlier versions of iOS, tvOS or watchOS. I don't recall that ever having happened.

Sent from my iPad

-Al-

On Jan 5, 2018, at 8:00 PM, SciFiOneA . <[hidden email]> wrote:
The question is, will they provide fixes for earlier OS versions if necessary. Or are earlier devices not susceptible to the problems. Two of my devices won't update past iOS 9.3.x.

On Fri, Jan 5, 2018 at 5:36 PM, TidBITS Articles <[hidden email]> wrote:

This article was just published by TidBITS and sent to you at your request.

Apple Releases Information on Meltdown and Spectre

By Adam C. Engst
http://tidbits.com/article/17712

The tech world has been abuzz with discussion of Meltdown and Spectre, massive “speculative execution” security vulnerabilities recently discovered in the CPUs used by nearly all modern computing devices, including the Intel CPUs used in Macs and the ARM-based CPUs in iOS devices. Ars Technica has a good explanation of the problem and overview of the response from different companies.

Apple has now posted a support note explaining the situation from the company’s perspective. In short, Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and claims that its changes resulted in no measurable reduction in performance. An upcoming release of Safari will mitigate the Spectre exploits with only a minimal performance impact. Apple says that the Apple Watch is unaffected by both Meltdown and Spectre.

That’s all good, but note the word “mitigate” in Apple’s note — the company isn’t saying “fix.” Spectre, in particular, is a subtle vulnerability, and we’ll likely be seeing additional protections worked into software over time.

In other words, staying up to date with the latest security fixes from Apple is becoming ever more important.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: TidBITS: Apple Releases Information on Meltdown and Spectre

Jeff Porten
A technically savvy client sent me a cut-and-paste from a reference saying that there will be fixes rolled into security updates for 10.11 and 10.12, but didn’t tell me where he saw it. His news radar is usually *very* good.

Best,
Jeff


> On Jan 5, 2018, at 8:15 PM, Al Varnell <[hidden email]> wrote:
>
> Earlier devices are most definitely vulnerable. Although I don't believe anybody has compiled a complete list, it goes back many years.
>
> Apple informed a colleague that they aren't prepared to announce plans to update earlier macOSs at this time. No surprise there.
>
> I doubt that there will be any attempt to update earlier versions of iOS, tvOS or watchOS. I don't recall that ever having happened.
>
> Sent from my iPad
>
> -Al-
>
> On Jan 5, 2018, at 8:00 PM, SciFiOneA . <[hidden email]> wrote:
>> The question is, will they provide fixes for earlier OS versions if necessary. Or are earlier devices not susceptible to the problems. Two of my devices won't update past iOS 9.3.x.
>>
> On Fri, Jan 5, 2018 at 5:36 PM, TidBITS Articles <[hidden email]> wrote:
>> This article was just published by TidBITS and sent to you at your request.
>>
>> Apple Releases Information on Meltdown and Spectre
>>
>> By Adam C. Engst
>> http://tidbits.com/article/17712
>>
>> The tech world has been abuzz with discussion of Meltdown and Spectre, massive “speculative execution” security vulnerabilities recently discovered in the CPUs used by nearly all modern computing devices, including the Intel CPUs used in Macs and the ARM-based CPUs in iOS devices. Ars Technica has a good explanation of the problem and overview of the response from different companies.
>>
>> Apple has now posted a support note explaining the situation from the company’s perspective. In short, Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and claims that its changes resulted in no measurable reduction in performance. An upcoming release of Safari will mitigate the Spectre exploits with only a minimal performance impact. Apple says that the Apple Watch is unaffected by both Meltdown and Spectre.
>>
>> That’s all good, but note the word “mitigate” in Apple’s note — the company isn’t saying “fix.” Spectre, in particular, is a subtle vulnerability, and we’ll likely be seeing additional protections worked into software over time.
>>
>> In other words, staying up to date with the latest security fixes from Apple is becoming ever more important.
>>
>
>
> ____________TidBITS Talk Participation Guidelines____________
> Post only when you have something substantive to contribute.
> Be polite and constructive, and comment on posts, not people.
> Quote sparingly, if at all. We all read the previous message.
> Start threads with a new message to [hidden email].
> Read archives at: http://tidbits.com/pipermail/tidbits-talk/
> Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
> ____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: TidBITS: Apple Releases Information on Meltdown and Spectre

@lbutlr
In reply to this post by John Burt
On 05 Jan 2018, at 21:00, SciFiOneA . <[hidden email]> wrote:
> The question is, will they provide fixes for earlier OS versions if necessary.

No, I wouldn’t think so.

> Or are earlier devices not susceptible to the problems. Two of my devices won't update past iOS 9.3.x.

Pretty much everything made in the last 20+ years. However, the risk on iOS is very small.

--
The Piper's calling you to join him




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: TidBITS: Apple Releases Information on Meltdown and Spectre

John Burt
In reply to this post by Jeff Porten
Thanks. I have the 10.12 installer but not 10.11. Wish I did.

On Fri, Jan 5, 2018 at 8:18 PM, Jeff Porten <[hidden email]> wrote:
A technically savvy client sent me a cut-and-paste from a reference saying that there will be fixes rolled into security updates for 10.11 and 10.12, but didn’t tell me where he saw it. His news radar is usually *very* good.

Best,
Jeff




--
John



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: TidBITS: Apple Releases Information on Meltdown and Spectre

John Burt
In reply to this post by @lbutlr
Good answer. Thanks. The old units are not used for much anymore. Both stay at home. One is used for playing Netflix shows, and the other for reading NPR and BBC news.

On Sat, Jan 6, 2018 at 7:07 AM, @lbutlr <[hidden email]> wrote:
On 05 Jan 2018, at 21:00, SciFiOneA . <[hidden email]> wrote:
> The question is, will they provide fixes for earlier OS versions if necessary.

No, I wouldn’t think so.

> Or are earlier devices not susceptible to the problems. Two of my devices won't update past iOS 9.3.x.

Pretty much everything made in the last 20+ years. However, the risk on iOS is very small.




--
John



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____