Jump to content

Meltdown


Recommended Posts

All indications so far are that there are no known exploits in the wild at this time. If (or when) this changes, I'm sure Malwarebytes will update definitions to detect any malware containing such exploits.

Apple has already released mitigations in macOS 10.13.2 to help defend against Meltdown. In the coming days they plan to release mitigations in Safari to help defend against Spectre. They say they will continue to develop and test further mitigations for these issues and will release them in upcoming updates.

Edited by alvarnell
Link to post
Share on other sites

  • Staff

Meltdown and Spectre are not malware, they are vulnerabilities in computer processor chips. As such, these are not things that anti-virus software can protect against.

Currently, there is no known malware taking advantage of these vulnerabilities. If such malware does appear in the future, then we will be able to protect against that.

Note that, as Al points out, keeping your system and your browser up-to-date will be the most important thing you can do to stay safe from Meltdown and Spectre. If you have macOS 10.13.2, you are already safe from Meltdown, and you will be able to install updates soon that will protect against Spectre. It is unknown at this time whether Apple will release any security updates for older systems to fix these vulnerabilities. They very well may not, but if they do, the only systems likely to receive patches would be macOS 10.11 (El Capitan) and 10.12 (Sierra).

Link to post
Share on other sites

Note that Apple released macOS High Sierra 10.13.2 Supplemental Update & Safari 11.0.2 for OS X El Capitan 10.11.6 and macOS Sierra 10.12.6 today which includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).

Link to post
Share on other sites

On 1/7/2018 at 7:18 AM, treed said:

...If you have macOS 10.13.2, you are already safe from Meltdown, and you will be able to install updates soon that will protect against Spectre. It is unknown at this time whether Apple will release any security updates for older systems to fix these vulnerabilities. They very well may not, but if they do, the only systems likely to receive patches would be macOS 10.11 (El Capitan) and 10.12 (Sierra).

The several kernel related items noted for the 2017-002, 2017-005 security updates for 10.11/12, respectively, would appear to protect against Meltdown. (Maybe Spectre, as well??)

-Impact: An application may be able to read kernel memory (Meltdown)

-Impact: An application may be able to execute arbitrary code with kernel privileges (Spectre??) my parenthetical

-Impact: An application may be able to read restricted memory (Spectre??) my parenthetical

https://support.apple.com/en-us/HT208331

On the other hand, there's this appleinsider article, which suggests that that can't be taken at face value.

http://appleinsider.com/articles/18/01/05/december-apple-updates-fixed-meltdown-spectre-vulnerabilities-on-older-macs

Not sure what to think.

10.13.2 did receive a supplemental update, which appears to mitigate against Spectre. Nothing like that yet for 10.11/10.12.

https://www.macrumors.com/2018/01/08/macos-high-sierra-10-13-2-spectre-fix/

 

Edited by WZZZ
Link to post
Share on other sites

Only one of the Kernel updates pertains to Meltdown and you will note that it does not apply to 2017-002, 2017-005 security updates for 10.11/12:

Quote

 

Kernel

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to read kernel memory (Meltdown)

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)

Entry updated January 5, 2018

 

None of the other Kernel updates are for Meltdown or Spectre. The latest Safari 11.0.2 Update is the only Apple provided Spectre patch for macOS 10.11/12/13 and they believe that exploiting the Spectre vulnerability is necessary before Meltdown can be exploited (i.e. updated Safari 11.0.2 should be sufficient protection for macOS 11/12 as far as Apple browsers are concerned and 3rd party browsers are also being updated for Spectre. My sources tell me that Apple is still deciding whether or not macOS 11/12 need the Meltdown patch in view of this.

Link to post
Share on other sites

My error, you are correct, the one explicitly showing Meltdown is for 10.13.1.  For me somewhat confusing, since there are a number of others for 10.11-12 there with what I suppose could be called "Meltdown-like" vulnerabilities: "Impact: An application may be able to read restricted memory."  But I suppose those are not chip/microprocessor related, therefore not Meltdown.

 

 

 

 

 

Edited by WZZZ
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.