![]() Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6. Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and also in Security Update 2018-001 for macOS Sierra and Security Update 2018-001 for OS X El Capitan. Our analysis suggests that it has the most potential to be exploited. Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or "rogue data cache load." The Meltdown technique can enable a user process to read kernel memory. The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory-including that of the kernel-from a less-privileged user process such as a malicious app running on a device. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. Speculative execution improves speed by operating on multiple instructions at once-possibly in a different order than when they entered the CPU. The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. We continue to develop and test further mitigations for these issues. Apple Watch is not affected by either Meltdown or Spectre. To help defend against Spectre, Apple has released mitigations in iOS 11.2.2, the macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 for macOS Sierra and OS X El Capitan. Security updates for macOS Sierra and OS X El Capitan also include mitigations for Meltdown. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.Īpple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. ![]() All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at the time of this writing. These issues apply to all modern processors and affect nearly all computing devices and operating systems. Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. About speculative execution vulnerabilities in ARM-based and Intel CPUsĪpple has released security updates for macOS Sierra and El Capitan with mitigations for Meltdown.Īpple has released updates for iOS, macOS High Sierra, and Safari on Sierra and El Capitan to help defend against Spectre.Īpple Watch is unaffected by both Meltdown and Spectre.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |