Additional mitigations for speculative execution vulnerabilities in Intel CPUs

  • Apple has released security updates in macOS Mojave 10.14.5 to protect against speculative execution vulnerabilities in Intel CPUs.
  • The issues addressed by these security updates do not affect Apple iOS devices or Apple Watch.

Apple previously released security updates to defend against Spectre—a series of speculative execution vulnerabilities affecting devices with ARM-based and Intel CPUs. Intel has disclosed additional Spectre vulnerabilities, called Microarchitectural Data Sampling (MDS), that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

macOS Mojave 10.14.5 includes security updates for Safari, and the option to enable full mitigation, as described below. 

Security Update 2019-003 High Sierra and Security Update 2019-003 Sierra include the option to enable full mitigation.

About security fixes in macOS Mojave

macOS Mojave 10.14.5 fixes this issue for Safari with no measurable performance impact.This update prevents exploitation of these vulnerabilities via JavaScript or as a result of navigating to a malicious website in Safari.

Customers can also protect their Mac by updating security settings in macOS to download apps only from the App Store. This setting helps prevent the installation of apps that could potentially exploit these vulnerabilities. All apps from the App Store are signed by Apple to ensure that they haven’t been tampered with or altered. Learn how to view and change app security settings on your Mac.

Although there are no known exploits affecting customers at the time of this writing, customers with computers at heightened risk or who run untrusted software on their Mac can optionally enable full mitigation to prevent harmful apps from exploiting these vulnerabilities. Full mitigation requires using the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology. This capability is available for macOS Mojave, High Sierra, and Sierra in the latest security updates and may reduce performance by up to 40 percent2, with the most impact on intensive computing tasks that are highly multithreaded. Learn how to enable full mitigation

Unsupported Mac models

These Mac models may receive security updates in macOS Mojave, High Sierra or Sierra, but are unable to support the fixes and mitigations due to a lack of microcode updates from Intel.

  • MacBook (13-inch, Late 2009)
  • MacBook (13-inch, Mid 2010)
  • MacBook Air (13-inch, Late 2010)
  • MacBook Air (11-inch, Late 2010)
  • MacBook Pro (17-inch, Mid 2010)
  • MacBook Pro (15-inch, Mid 2010)
  • MacBook Pro (13-inch, Mid 2010)
  • iMac (21.5-inch, Late 2009)
  • iMac (27-inch, Late 2009)
  • iMac (21.5-inch, Mid 2010)
  • iMac (27-inch, Mid 2010)
  • Mac mini (Mid 2010)
  • Mac Pro (Mid 2010)
  • Mac Pro (Mid 2012)

 

 

Safari performance: Testing conducted by Apple in May 2019 showed that these updates resulted in no measurable reduction in Safari performance using common Web browsing benchmarks such as Speedometer, JetStream, and MotionMark.

2 macOS performance: Testing conducted by Apple in May 2019 showed as much as a 40% reduction in performance with tests that include multithreaded workloads and public benchmarks. Performance tests are conducted using specific Mac computers. Actual results will vary based on model, configuration, usage, and other factors.

 

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Datum objave: