Apple Deploys Meltdown Security Updates For Macs Running Sierra And El Capitan


Apple is distributing security updates for Macs running two of its older operating systems, Sierra and El Capitan, to protect against the Meltdown vulnerability.

While Apple had rolled out protections against Meltdown in the current version of macOS, High Sierra, on Jan. 8, mitigations for Macs running previous operating system versions had lacked until the updates on Tuesday.

[Related: Solution Providers: It's Time To Restart The Clock On Spectre, Meltdown Patch Rollout Time Line]

"This is really welcome for us," said Jerry Zigmont, owner of MacWorks LLC, a Madison, Conn.-based Apple consultant that handles patch management for many of its clients. "A lot of clients go with us because we can provide managed services for them. We're deploying immediately."

Sponsored post

Zigmont said the majority of his firm's clients are continuing to run macOS Sierra, rather than updating to High Sierra, for reasons such as ensuring application compatibility.

Because Apple hadn't provided security updates for Sierra in recent weeks, MacWorks has been assessing whether it would be necessary to upgrade its clients to High Sierra to gain protections against Meltdown.

The firm decided against that course of action because the potential issues created by changing the operating system outweighed the risks of waiting for a Meltdown patch, Zigmont said.

"We told clients just to stay where they were. We made that call, and hoped that Apple would patch these [Macs] sooner rather than later," Zigmont said. "What Apple pushed out today is a really huge relief for us."

Meltdown stems from a widespread processor flaw that can theoretically be exploited to provide access to kernel memory, though no attacks have been reported to date.

Another processor vulnerability that was uncovered in tandem with Meltdown, Spectre, had been previously addressed for Macs running Sierra and El Capitan. Apple released the Spectre protections via an update to the Safari browser on Jan. 8.

Zigmont said he didn't fault Apple for releasing the Meltdown protections for Sierra and El Capitan several weeks after providing updates to High Sierra.

"I don’t think they were holding back – I think they were putting their time and attention into this because these are not trivial patches. These are really serious flaws," he said.

When it comes to Spectre, Intel on Monday told OEMs to cease deployment of its patches for the exploit after it acknowledged the Spectre patch was creating reboot issues for Intel's Broadwell and Haswell chips. Solution providers told CRN there is no clear timeline for the resolution of the Spectre and Meltdown exploits as a result of Intel stopping deployment of the latest patches.