[Swordmaker]

Which versions of macOS / OS X have been patched against Meltdown and Spectre: macOS High Sierra: Patched against Meltdown in 10.13.2 That means software patches are now available for Macs going back to:

• iMac (Late 2009 & later)
• MacBook Air (2010 or newer)
• MacBook (Late 2009 or newer)
• Mac mini (2010 or newer)
• MacBook Pro (2010 or newer)
• Mac Pro (2010 or newer)

Current versions of iOS and tvOS patch against Meltdown.

• iOS 11.2
• tvOS 11.2

For iOS, that means devices now patched include:

• iPhone X
• iPhone 8
• iPhone 8 Plus
• iPhone 7
• iPhone 7 Plus
• iPhone SE
• iPhone 6s
• iPhone 6s Plus
• iPhone 6
• iPhone 6 Plus
• iPhone 5s

• iPad Pro 10.5-inches
• iPad Pro 9.7-inches
• iPad Pro 12.9-inches
• iPad Air 2
• iPad Air
• iPad mini 4
• iPad mini 3
• iPad mini 2
• iPod touch 6

For tvOS, that means devices now patched include:

• Apple TV 4K (Late 2017)
• Apple TV (Late 2015)

Previous versions of Apple TV didn't run full apps (only TV Markup Language apps made in partnership with Apple) so it's unclear if they face any risk from Meltdown or Spectre.

Patches for Safari to address Meltdown and Spectre are still forthcoming.

(These patches will mitigate against Meltdown and Spectre while you are computing only if you update your Macs to macOS HighSierra 10.13.2 and your iOS devices to iOS 11.2, and tvOS 11.2. — Swordmaker)

[Swordmaker]

A pretty comprehensive FAQ and source of information—mostly for Mac and iOS device users which also includes information for other computer and device users—on the Meltdown and Spectre vulnerabilities. Seems to be comprehensive and lacking the hype other sources are heavy in. Well worth going through. — PING!

MeltDown and Spectre FAQ for Apple Users
But Also Good for Other Computer & Device Users
Ping!

Pinging ShadowAce, ThunderSleeps, and dayglored for their ping lists.

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

[butlerweave]

This guy has 2 other videos on this https://www.youtube.com/watch?v=STQukPXWkTI&t=306s

[be-baw]

Thanks! Very helpful information. You did your good deed today. What are you going to for us tomorrow? ;-)

[b4its2late]

[Red Badger]

Sounds like Apple is on top of this.

Haven’t heard from MS or the Mfrs..................

[palmer]

From the FAQ: "For home users on Intel-based computers, including Macs, Meltdown can only be exploited by code running on your machine. That means someone first needs to have physical access to your computer or has to trick you into installing malware through phishing or some other form of social engineering attack."

and "Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques."

That's basically what I've been saying. Very similar side channel attacks have been know for about 2 years and there are no effective exploits in the wild. A similar side channel attack on DRAM using javascript was demo'd in 2014 and nobody was able to use it in the wild.

[Albion Wilde]

bump