Meltdown: Apple releases security patch for older macOS version

Apple macOS Sierra and El Capitan are now secured against Meltdown security bug.

  • Published: January 24, 2018 12:54 PM IST

Apple has released a new security update to protect older operating systems against the Meltdown security bug. Meltdown is a security vulnerability affecting devices using chipsets from Intel, and it was made public early this year.

Apple has already released patches securing macOS High Sierra against Meltdown on January 8, but the patch did not prevent older versions of company’s desktop operating system. According to The Verge, the new update protects macOS Sierra version 10.12.6 and El Capitan version 10.11.6 against Meltdown. The update is the latest in the series of patches that Apple has released for macOS and iOS to protect against the known vulnerability.

Meltdown and Spectre are the two most critical vulnerability affecting devices using either Intel, AMD or ARM-based chipsets. Meltdown is the easiest of the two to exploit and it allows any attacker to access the low-level kernel memory that is normally protected from user access and higher programs. The flaw was disclosed early this month as a chip-level flaw but Intel and others confirmed that isolation of kernels with a software patch will be enough to protect all devices from a remote attack.

Apple has also released security patch for Safari and WebKit to protect against Spectre bug, which exploits a flaw with WebKit to access JavaScript SharedArrayBuffer and steals password using array bounds attack. Apple is yet to confirm whether its A-series chipsets powering iPhone and iPad will need a similar patch to protect against Meltdown and Spectre bugs.

Apple has also not revealed whether there will be any drop in performance once users apply the security patch. Microsoft had recently explained that Windows 10 PCs will see single digit drop in performance with newer CPUs while Windows 7 and Windows 8 machines will be the most affected after the patch.

Earlier in the day, Apple also released iOS 11.2.5 with the fix against the recently disclosed ChaiOS texting bug. The update prevents the bug from crashing the Messages app and freezing any iOS device. The update is being rolled out in the form of an OTA update and iPhone users can also manually trigger the update by going to Settings -> General -> Software Update.

  • Published Date: January 24, 2018 12:54 PM IST