Spectre Variant 2 - Microcode update in macOS 10.13.4(High Sierra) / Sec Update 2018-002(Sierra and El Capitan)

PatrickD
Contributor II

Hi All,

For those of you that have been waiting like us, there appears to be a Microcode update included the following updates from Apple
- macOS 10.13.4 (High Sierra)
- Security Update 2018-002(Sierra)
- Security Update 2018-002(El Capitan)

I have only been able to test this on two 2016 MacBook Pro's (one on Sierra, other on High Sierra)

Before the Update on both systems, the Microcode version was 186(0xBA) and post update they are 194(0xC2). Hex value in brackets.

The CPUs in both of these MacBooks are Intel® Core™ i5-6360U Skylake 6th Gen.

I compared this to the Intel White Paper on the Spectre Variant 2 (CVE-2017-5715) Microcode patches, "Microcode Update Guidance" and found that the new microcode version 194(0xC2) matches what is listed in the White Paper for that CPU family.

To check your Microcode version, run this in terminal or create and EA. You will need to convert the decimal value to hex.

sysctl -a | grep microcode

I'm still looking for some more definitive information from Intel and Apple. The Apple release notes don't mention anything about Spectre though.

Any help investigating this would be greatly appreciated!

3 REPLIES 3

donmontalvo
Esteemed Contributor III

Interesting

$ sysctl -a | grep microcode
machdep.cpu.microcode_version: 19

This is on a MacBook Pro (Retina, 15-inch, Mid 2015) with these specs, running 10.13.3:

Hardware Overview: Model Name: MacBook Pro Model Identifier: MacBookPro11,5 Processor Name: Intel Core i7 Processor Speed: 2.8 GHz Number of Processors: 1 Total Number of Cores: 4 L2 Cache (per Core): 256 KB L3 Cache: 6 MB Memory: 16 GB Boot ROM Version: MBP114.0177.B00 SMC Version (system): 2.30f2 Serial Number (system): XXXXXXXXXXXXX Hardware UUID: XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

Will post an update to this once I run 10.13.4 later in the week.

--
https://donmontalvo.com

KSchroeder
Contributor

Mine is the same model as donmoltavo's and mine shows microcode version 25, with 13.4 installed.
My SMC version shows 2.30f1 though, vs 2.30f2 for Don's.

PhillyPhoto
Valued Contributor

Single line to convert it to hex:

printf '0x%x
' `sysctl -a | grep microcode | awk '{print $2}'`

Results in:

0xc2

It shows it as lowercase for me, so I'm sure if uppercase matters you can break the code out a little more.