Spectre and Meltdown Patches for 10.11 and 10.12

Originator: broccardo
Number: rdar://36324526
Date Originated: 20180105
Status: Open
Resolved:
Product: macOS
Product Version: 10.11/10.12
Classification: Bug
Reproducible: Always
 
Summary:
On the morning of January 5, 2018, “About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan” https://support.apple.com/en-us/HT208331 listed macOS 10.11.6 and 10.12.6 as having been patched against the Meltdown exploit (CVE-2017-5754). By lunchtime that designation had been removed.

Even if 10.13 had been a flawless release, most organizations wouldn’t have deployed a brand new OS en masse just three months after its release. As such, it would be unfortunate if Apple felt that access to key security updates should be tied to having deployed only the latest available OS release.

Organizations have workflows and third-party applications they need to coordinate release schedules with when considering upgrades, and they should be able to plan for support of at least OS version N-1, if not N-2, when it comes to security updates. 

What will be Apple's response for 10.11 and 10.12 when it comes to patching the Meltdown and Spectre (CVE-2017-5715 & CVE-2017-5753) vulnerabilities?

Impact: 1300 machines

Steps to Reproduce:
N/A

Expected Results:
Kernel, Safari and other system-level patches available to mitigate vulnerabilities if possible. 

Actual Results:
No patch available at this time

Version/Build:
10.11.6 / 15G17023
10.12.6 / 16G1036

Configuration:
