XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
Privacy Policy
It is currently Sun Oct 21, 2018 9:40 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 34 posts ]  Go to page Previous  1, 2
Author Message
PostPosted: Wed Jan 10, 2018 3:37 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10135
Location: Caught between the moon and NYC
Security Update 2017-002 contains the Meltdown-related fixes included in 10.13.2 for 10.12 and 10.11. Spectre's Javascript-based attacks requires an update to Safari and I don't recall seeing anything related to it in the list of changes included in 2017-002 but I may be wrong. I had people asking me a million and one questions while reading its change notes.


Top
 Profile  
 
PostPosted: Wed Jan 10, 2018 4:40 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9906
Location: North of the State of Jefferson
Now, as ever, ad-blocking sounds like a good idea. For one thing, it makes using the web tolerable, but it's also a great preventive measure against the (awkward) Spectre JavaScript attack because most ad blockers will block JavaScript from add networks, which have proven a convenient JS attack vector on otherwise reputable sites. That won't protect you from directly hacked sites or just straight up malicious ones, but it's one more reason to think about ad blocking.

- Anonymous


Top
 Profile  
 
PostPosted: Thu Jan 11, 2018 5:23 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6264
Location: NYC
MonkeyBoy wrote:
Security Update 2017-002 contains the Meltdown-related fixes included in 10.13.2 for 10.12 and 10.11. Spectre's Javascript-based attacks requires an update to Safari and I don't recall seeing anything related to it in the list of changes included in 2017-002 but I may be wrong. I had people asking me a million and one questions while reading its change notes.

Several items re. kernel for El Cap/Sierra update (El Cap 2017-005) appear to deal with Spectre and/or Meltdown. At least two of the CVEs listed appear to confirm...maybe?
https://support.apple.com/en-us/HT208331

HOWEVER:
Quote:
Update: On Friday afternoon, Apple removed the section of the support document detailing the "Meltdown" patch for Sierra and El Capitan. AppleInsider has conflicting information on this from inside Apple, with some claiming that the security patch didn't have the Meltdown fix, and others claiming that the documentation withdrawal was performed in error.

At present, the security document states that there is no patch for Meltdown in Sierra and El Capitan, and AppleInsider suggests that device administrators proceed assuming that there is no protection from the attack at this time on machines with older operating systems. We will update this post accordingly should we get more information on the topic.

http://appleinsider.com/articles/18/01/ ... older-macs


Top
 Profile  
 
PostPosted: Thu Jan 11, 2018 2:22 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10135
Location: Caught between the moon and NYC
Apple -> :fishsmack: <- Installed user base


Top
 Profile  
 
PostPosted: Thu Jan 11, 2018 9:09 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 15134
:lol:


Top
 Profile  
 
PostPosted: Tue Jan 23, 2018 2:34 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6264
Location: NYC
They still love us:

Safari 11.0.3, El Cap/Sierra Security Updates 2018-001, patches Meltdown/Spectre https://support.apple.com/en-us/HT208465


Top
 Profile  
 
PostPosted: Tue Jan 23, 2018 5:00 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10135
Location: Caught between the moon and NYC
Well that took a while. Microsoft had their update out on the 5th for most systems (some old AMD systems had issues, took a few days to resolve), Linux had mitigations in place on the 5th too... annnnnd here's Apple trundling along 2 weeks later.

They're not doing themselves any favors with that class action suit. I suspect they'll weasel out of releasing updates for older OSes because zomg code more than 3 years old?! that's just impossible to update, but they really need to be Johnny on the spot with the platforms they claim to be supporting.


Top
 Profile  
 
PostPosted: Tue Jan 23, 2018 8:24 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6264
Location: NYC
HS got it weeks ago, but better late than never.


Top
 Profile  
 
PostPosted: Tue Jan 23, 2018 8:29 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10135
Location: Caught between the moon and NYC
Yeah, Apple kind of doesn't understand what "supported" means.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 34 posts ]  Go to page Previous  1, 2

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group