The Meltdown Mac OS

  • Chromebooks: This Google support document shows which Chromebooks are vulnerable to Meltdown, and whether they’ve been patched. Your Chrome OS device is always checking for updates, but you can manually initiate an update by heading to Settings About Chrome OS Check for and apply updates.
  • Apple today confirmed that it has addressed the recent 'Meltdown' vulnerability in previously released iOS 11.2, macOS 10.13.2, and tvOS 11.2 updates, with additional fixes coming to Safari in the.

Whether your IT department locked down your Mac or you grabbed one from eBay that the seller forgot to “clean up”, you may encounter a big problem when trying to install software as a non-admin.

Apple released new updates for older versions of its Mac operating system to protect against the Meltdown and Spectre attacks. The company had previously issued a patch for macOS High Sierra, the.

Here’s a possible workaround.

If you’re trying to install software on your Mac the first thing you should do is simply contact your IT department. They can use login to your computer remotely and installed the software for you. You may not like having to wait for IT but it’s not you’re computer so you shouldn’t install stuff on it. Also, you could unwittingly end up installing something that looks benign but is actually nefarious.

That being said, in an emergency there are two possible solutions:

The Meltdown Mac OS
  1. Drag and Drop
  2. Single User Mode

When you see the application installation login window you can either beg for the admin password or try a little workaround that I’m about to show you.

First see if you can just drag the app icon into the Applications folder.

If that fails, you could try Control clicking the app and choosing Open Package Details to see if you can modify the info.plist file or whatevever.

There was on old hack that worked on older versions of Mac OS X that let you modify a string in info.plist which effectively disabled authentication. Well I haven’t found a way to get this work in Mac OS X Yosemite so I’m going to assume it doesn’t work anymore.

One other possibility is to boot the Mac to Single User Mode and use the Directory Services Command Line tool to join your non-admin account to the administrator group.

Reboot and hold down Command + s until you see a black screen appear with a bunch of white text.

After a few seconds you’ll at something that resembles a Unix prompt.

First we need to mount the root file system so type

This mounts the root file system for read-write access.

Then type:

Replace <usernameToBeGivenRoot> with your non-admin username.

If you need to list the users and groups you can type:

Press Enter, type reboot and login with your non-admin account.

Ultimately, you shouldn’t try to “hack around” the password security mechanisms that prevent you from installing software. These features are here for a reason and unless you really know what you’re doing some of the tutorials out there can leave you with a broken PC and a chagrined look on your face when you call IT and they ask you what happened.

Posted in Apple, Mac OS X 10.9 Mavericks Tagged with: Tricks

Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at the time of this writing. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Security updates for macOS Sierra and OS X El Capitan also include mitigations for Meltdown. To help defend against Spectre, Apple has released mitigations in iOS 11.2.2, the macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 for macOS Sierra and OS X El Capitan. Apple Watch is not affected by either Meltdown or Spectre.

We continue to develop and test further mitigations for these issues.

Background

The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.

The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.

Meltdown

Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or 'rogue data cache load.' The Meltdown technique can enable a user process to read kernel memory. Our analysis suggests that it has the most potential to be exploited. Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and also in Security Update 2018-001 for macOS Sierra and Security Update 2018-001 for OS X El Capitan. watchOS did not require mitigation.

Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.

The Meltdown Mac Os X

Spectre

Spectre is a name covering multiple different exploitation techniques, including—at the time of this writing—CVE-2017-5753 or 'bounds check bypass,' and CVE-2017-5715 or 'branch target injection,' and CVE-2018-3639 or “speculative bounds bypass.” These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.

The Meltdown Mac Os Catalina

Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. On January 8th Apple released updates for Safari on macOS and iOS to mitigate such timing-based techniques. Testing performed when the Safari mitigations were released indicated that the mitigations had no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques. watchOS is unaffected by Spectre.