I wasn’t surprised that Apple acted quickly to start addressing the Meltdown and Spectre vulnerabilities in Macs and iOS devices. Last week showed that, whatever its marketing wishes to nudge us all to upgrade to High Sierra, its engineering teams still recognise the needs of those who are running older versions of macOS.
This was a question left open when Apple revealed that the High Sierra 10.3.2 update had included ‘mitigations’ for these vulnerabilities in December. There had been initial confusion, thanks to a temporarily incorrect statement by Apple that Sierra had the same mitigations promulgated last year. But early in the New Year it became clear that only High Sierra and iOS 11 had been patched. Apple made no commitment at that time to providing patches for El Capitan or Sierra.
In Safari 11.0.3 and Security Update 2018-001, Apple has provided similar ‘mitigations’ to those already in High Sierra.
Before we all breathe a big sigh of relief, this is only the start of what is needed to address Meltdown and Spectre. These are mitigations which make it much less likely that the vulnerabilities can be exploited in Mac malware; they are not complete fixes which render macOS invulnerable. Those will continue to evolve, no doubt amid ongoing controversy and arguments between interested parties. And hopefully Apple will continue to deliver those additional mitigations and fixes for El Capitan, Sierra, High Sierra, and macOS 10.14 in due course.
Coupled with the EFI firmware updates included in Security Update 2018-001, those still using El Capitan and Sierra should feel greatly reassured. Apple still loves us, even if we aren’t yet rushing forward with the future of macOS.
There is some disappointment, though, with the progress of High Sierra. I looked back at WWDC presentations from June last year, and saw the very clear statements about how well APFS supports (note, not ‘will support’) Fusion Drives by putting all the file system metadata on the SSD component. Apple has even updated its documentation on APFS, which insists that “Apple File System is optimized for Flash/SSD storage, but can also be used with traditional hard disk drives (HDD) and external, direct-attached storage.”
But there was no proud announcement that APFS in High Sierra 10.3.3 is now supported on Fusion Drives or traditional hard disks, nor any forecast as to when that might happen.
There are signs that High Sierra’s other shortcomings are slowly being addressed. Early reports from those using beta releases of 10.3.4 indicate that encoding to the new compressed still image format HEIF is included at last, although it only supports 8 bits per channel rather than the HEIF standard’s 16 bits, so is still not ready for serious use.
At this rate, sometime around this year’s WWDC, High Sierra might actually be ready for full release, with APFS supported across all Macs, good HEIF and HEVC support, all the bug fixes which were promised, and the internal changes thrust upon us. That then begs the question as to whether Apple intends repeating this protracted public beta-testing programme with macOS 10.14 from the autumn/fall of this year.
Already commentators are starting to read the tea-leaves for 10.14 before anything has started to brew. Favourite suggestions include the start of the war to end support for 32-bit apps, and a requirement to start up from an APFS volume. There now seems little doubt that macOS Server will be long dead by then, so we may see more former Server features appear as options for clients.
I for one would like to see Apple learn from its High Sierra debacle and not try to foist inadequately tested and immature system software on the public. It would make more sense to run an intensive beta programme through the autumn up to December, ensure that all features are ready for release and there are no stupid security or other errors, then release 10.14 when it has passed stringent quality control, perhaps in a year’s time.
Or am I hoping for too much?