Meltdown and Spectre are the name for two security vulnerabilities made public in early 2018. This article will explain how to detect vulnerability of managed Macs with Casper and how to patch vulnerable components.
- All macOS versions older than 10.13.2. For systems running 10.13.2, confirm that Apple's supplemental update has been installed. For 10.12 Sierra and 10.11 El Capitan, Apple has released Security Update 2018-001, which patches Meltdown but not Spectre.
- All Safari versions older than 11.0.2. The Safari patch for High Sierra can be found in the supplemental update above. The patch for Sierra and El Capitan can be found here: https://support.apple.com/en-us/HT208403
- Firefox versions older than 57.0.4 in the primary release channel ("mainline"), and older than 52.6.0 in the Extended Support Release channel ("ESR"). Note that as of this writing, Firefox ESR's patch has been announced, but not yet released.
- Google Chrome versions older than 64.0. Note that as of this writing, Chrome's patch has been announced, but not yet released.
In the JSS, we've added an extension attribute called "Spectre/Meltdown Vulnerability". You can add this to your inventory display by following the instructions at Casper - Extension Attributes.
For macOS 10.13 High Sierra, it will show either "Patched" or "Vulnerable". For 10.11 and 10.12, it will show "Vulnerable" or "Meltdown-Patched" and "Spectre-Vulnerable", since Security Update 2018-001 only patches Meltdown. For Safari, Firefox, and Chrome, it will also show whether they are "Patched" or Vulnerable".
- Any Macs running OS X Yosemite (10.10) or older should be upgraded. See Casper - Upgrading Macs to latest operating system for instructions on upgrading to macOS High Sierra or macOS Sierra.
- Any Macs running OS X El Capitan (10.11) or macOS Sierra (10.12) should install all the latest patches from Apple, including the Safari patch and Security Update 2018-001. See Casper - Apple Software Updates for instructions on deploying Apple Software Updates with Casper. These OSes do not currently have patches for Spectre (only Meltdown), so consider upgrading to macOS High Sierra if possible.
- Any Macs running Firefox should be updated to at least 57.0.4 or ESR 52.6.0.
- Any Macs running Google Chrome should be updated to at least 64.0.
If you have questions or need assistance, contact the Endpoint Management team at email@example.com.