Apple took additional steps this week to protect Mac users from Meltdown and Spectre, two recently disclosed and serious security vulnerabilities.
On Tuesday, alongside the rollout of macOS High Sierra 10.13.3, Apple released two new security updates for older versions of the Mac operating system.
Security Update 2018-001, as the patch is called, mitigates the dangers of Meltdown and Spectre. It also introduces fixes for several other security issues, according to Apple’s support document.
- Security Update 2018-001 is available for macOS Sierra 10.12.6 and even OS X El Capitan 10.11.6.
- If you’re running one of these older Mac operating systems, it’s recommended that you update as soon as you can.
Since the existence of the Meltdown and Spectre vulnerabilities became known to the public, Apple has been working to mitigate the flaws on its end. It introduced a patch for both flaws in macOS High Sierra 10.13.2, but Mac computers running older versions of Apple’s operating systems were left unprotected — until now, at least.
It’s worth noting that, while some support document text implied that macOS Sierra and OS X El Capitan had already been patched, Apple later retracted those statements. It seems that the security update released today is actually the first mitigation patch for either of those older operating systems.
To download and install the security update, open the App Store app on your Mac, click on Updates in the toolbar, and click the Update button next to the appropriate software update. Alternatively, you can click the Update All button.
Spectre & Meltdown
Spectre and Meltdown are both hardware-side vulnerabilities that affect basically all computers with modern processors. Apple later disclosed that the exploits did impact Mac computers and iOS devices, but noted that iOS and maCOS had been patched by the time news of the vulnerabilities reach the public.
Both vulnerabilities take advantage of the so-called “speculative execution mechanism” in processors. Since the flaw is hardware-based, OS and component
makers must implement software fixes.
Because the exploits take advantage of design decisions meant to make CPUs faster, it’s worth noting that introducing fixes for Meltdown and could slow down a computer.
On the other hand, Apple has insisted that its Meltdown fix has no measurable performance impact, according to its own benchmark testing. So, thankfully, while Windows PC computers with Intel processors have been negatively affected by the Meltdown patch, Apple’s machines seem to be in the clear.
Similarly, the Spectre patch for Safari seems to have had little to no impact on the web browser’s performance across operating systems.
iOS device owners, on the other hand, may not be so lucky. Since the release of iOS 11.2.2, benchmark testing seems to indicate that some iPhones may take as much as a 40 percent hit to their performance due to the security patch.