New CPU exploit

It appears to be partially fixed in 10.13.2 without a notable performance difference. I guess we'll have to see what the next security update does.

I believe the fix that was part of 10.13.2 has been around since 6th December 2017 as part Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan.

See Apple link for full details - https://support.apple.com/en-gb/HT208331

how would we report on that?

https://support.apple.com/en-gb/HT208331 mentions CVE-2017-7154... but not CVE-2017-5753, CVE-2017-5754 or CVE-2017-5715.

I reached out to my Apple rep waiting to hear back

We opened a ticket this morning and were given the expected "We don't discuss vulnerabilities" response.

Guessing this is the last nail on the coffin of 10.10 and older. Hopefully.

We still run 10.12.6, are they only releasing a fix for 10.13.2 similar to there only being a supposed fix for Windows 10 onwards?

@RCoS The fix has been realise for 10.12.6 (Security Update 2017-002) and 10.11.6 (Security Update 2017-005)

@dunnco

https://support.apple.com/en-gb/HT208331 mentions CVE-2017-7154... but not CVE-2017-5753, CVE-2017-5754 or CVE-2017-5715.

I might be wrong here but is that because the ones that aren't mentioned are part of 'Spectre'?
I believe the only fix realised so far addresses issues with the 'Meltdown' bug. Spectre is a much more difficult issue to address.

I got confirmation from our Apple rep that the 2017-002 and 2017-005 patches address Meltdown only and that a fix for safari/spectre is in the works