

Meltdown

Ref article affecting Intel/AMD/ARM processors:

https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-worst-cpu-bugs-ever-found-affect-computers-intel-processors-security-flaw

 

Did Apple release a security patch against this vulnerability yet?



Yes. This was dealt with in the latest updates to Sierra and High Sierra.



Thanks for the quick answer.

 

For my own knowledge, where did you find this out?



I finally found it. (I think)

They ref: Ian Beer of Google Project Zero and others...  But I don't see any reference to "Meltdown or Spectre"

 

 

https://support.apple.com/en-ca/HT208331



https://appleinsider.com/articles/18/01/03/apple-has-already-partially-implemented-fix-in-macos-for-kpti-intel-cpu-security-flaw



OK, the article says it is (and I believe it).

 

I was just wondering if there was any way to tell by just reading the update details.

 

Example: https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html

I found that the related problems were about the following CVE#s:

 

  • Variant 1: bounds check bypass (CVE-2017-5753)
  • Variant 2: branch target injection (CVE-2017-5715)
  • Variant 3: rogue data cache load (CVE-2017-5754)

Before the issues described here were publicly disclosed, Daniel Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their [writeups/blogposts/paper drafts] are at:



When I look at the update detail for High Sierra: https://support.apple.com/en-ca/HT208331

I don't see any of the CVE related issues...?


Is it that Apple creates new CVE numbers?



Hi KiltedTim.  Do you know if it was fixed in El Capitan too?



El Capitan is still getting security updates.  The last one was the same date as the High Sierra update, so probably has the same fixes.

https://support.apple.com/HT208331



"Partially implemented fix" does not inspire confidence



Since there are no reports of any actual exploits in the wild on ANY platform at this time, I wouldn't get too worked up about it at this point.

The cure may be worse than the disease. Microsoft is warning of a 10% to 30% performance hit to PCs running Windows 10 and Windows Server if the patches are installed.

If you're smart about what you do and don't download from the Interwebtubes, you probably have very little to worry about, at least for a while...



Last updated: 2018-01-05 00:06:45
