Access Keys:
Skip to content (Access Key - 0)

Casper - Detect and remediate Meltdown and Spectre vulnerabilities

Meltdown and Spectre are the name for two security vulnerabilities made public in early 2018. This article will explain how to detect vulnerability of managed Macs with Casper and how to patch vulnerable components.

Vulnerable software versions

  • All Safari versions older than 11.0.2. The Safari patch for High Sierra can be found in the supplemental update above. The patch for Sierra and El Capitan can be found here: https://support.apple.com/en-us/HT208403
  • Firefox versions older than 57.0.4 in the primary release channel ("mainline"), and older than 52.6.0 in the Extended Support Release channel ("ESR"). Note that as of this writing, Firefox ESR's patch has been announced, but not yet released.
  • Google Chrome versions older than 64.0. Note that as of this writing, Chrome's patch has been announced, but not yet released.

Detection in Casper

In the JSS, we've added an extension attribute called "Spectre/Meltdown Vulnerability". You can add this to your inventory display by following the instructions at Casper - Extension Attributes.

For macOS 10.13 High Sierra, it will show either "Patched" or "Vulnerable". For 10.11 and 10.12, it will show "Vulnerable" or "Meltdown-Patched" and "Spectre-Vulnerable", since Security Update 2018-001 only patches Meltdown. For Safari, Firefox, and Chrome, it will also show whether they are "Patched" or Vulnerable".

Remediation recommendations

  • Any Macs running OS X El Capitan (10.11) or macOS Sierra (10.12) should install all the latest patches from Apple, including the Safari patch and Security Update 2018-001. See Casper - Apple Software Updates for instructions on deploying Apple Software Updates with Casper. These OSes do not currently have patches for Spectre (only Meltdown), so consider upgrading to macOS High Sierra if possible.
  • Any Macs running Firefox should be updated to at least 57.0.4 or ESR 52.6.0.
  • Any Macs running Google Chrome should be updated to at least 64.0.

Contact

If you have questions or need assistance, contact the Endpoint Management team at epm-help@mit.edu.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

January 25, 2018

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
casper casper Delete
c-casper c-casper Delete
jss jss Delete
mac mac Delete
security security Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki