blog.dataJAR

Security Announcement: Meltdown and Spectre


As you may have heard in the media, two speculative execution vulnerabilities have been discovered in both ARM-based and Intel CPUs.

What is Meltdown?

Meltdown (CVE-2017-5754) breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and therefore the secrets, of other programs and the operating system.

What is Spectre?

Spectre (CVE-2017-5753) breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of these practices actually increase the attack surface and may make applications more susceptible to Spectre.

How does this affect you?

At present, there is no known record of these exploits being used in the wild. All vendors have been working for some time on patches, and Apple has already released mitigations for Meltdown in iOS 11.2, macOS High Sierra 10.13.1+, macOS Sierra 10.12.6, OS X El Capitan 10.11.6, and tvOS 11.2.

Will this slow my device down?

With regard to Meltdown, testing with public benchmarks has shown that the changes released in the December 2017 updates resulted in no noticeable reduction in the performance of macOS and iOS. This was measured by the GeekBench 4 benchmark and also in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.

With regard to Spectre, testing indicates the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests, with an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.

What are dataJAR doing about this?

Our internal team is working with our upstream providers to ensure our systems remain secure. Additionally, devices managed by datajar.mobi will be patched as and when Apple releases further updates to their operating systems.

Further information

If you have an active support agreement with us and would like further information, please e-mail your question to our support team.