New CPU exploit

jwojda
Valued Contributor II

CPU Exploit

A new CPU exploit is out, but the patches put a significant performance hit on the machines.

10 REPLIES 10

bvrooman
Valued Contributor

It appears to be partially fixed in 10.13.2 without a notable performance difference. I guess we'll have to see what the next security update does.

MattCrawford
New Contributor III

I believe the fix that was part of 10.13.2 has been around since 6th December 2017 as part Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan.

See Apple link for full details - https://support.apple.com/en-gb/HT208331

RogerH
Contributor II

how would we report on that?

dunnco
New Contributor

https://support.apple.com/en-gb/HT208331 mentions CVE-2017-7154... but not CVE-2017-5753, CVE-2017-5754 or CVE-2017-5715.

RogerH
Contributor II

I reached out to my Apple rep waiting to hear back

donmontalvo
Esteemed Contributor II

We opened a ticket this morning and were given the expected "We don't discuss vulnerabilities" response.

Guessing this is the last nail on the coffin of 10.10 and older. Hopefully.

--
https://donmontalvo.com

RCoS
New Contributor III

We still run 10.12.6, are they only releasing a fix for 10.13.2 similar to there only being a supposed fix for Windows 10 onwards?

MattCrawford
New Contributor III

@RCoS The fix has been realise for 10.12.6 (Security Update 2017-002) and 10.11.6 (Security Update 2017-005)

MattCrawford
New Contributor III

@dunnco

https://support.apple.com/en-gb/HT208331 mentions CVE-2017-7154... but not CVE-2017-5753, CVE-2017-5754 or CVE-2017-5715.

I might be wrong here but is that because the ones that aren't mentioned are part of 'Spectre'?
I believe the only fix realised so far addresses issues with the 'Meltdown' bug. Spectre is a much more difficult issue to address.

RogerH
Contributor II

I got confirmation from our Apple rep that the 2017-002 and 2017-005 patches address Meltdown only and that a fix for safari/spectre is in the works