Apple releases iOS 11.2.2 and macOS High Sierra 10.13.2 updates to protect against Spectre vulnerability
Following the Meltdown and Spectre revelations, let's just say that 2018 is off to a bad start for many tech companies. Apple is among the biggest players affected by the two security vulnerabilities, with all iOS and Mac users at risk.
The company was quick to patch Meltdown, however, with iOS 11.2, macOS 10.13.2 and tvOS 11.2 getting mitigations against the vulnerability. And, now, it's tackling Spectre too through new updates for its major operating systems.
The Spectre patch is rolling out as part of iOS 11.2.2 and a supplemental update for macOS High Sierra 10.13.2. It adds changes in Safari to "help defend against" the attack scenarios.
This is not a full-blown fix, as you might expect, but Apple promises that it will "continue to develop and test further mitigations for these issues and [...] release them in upcoming updates of iOS, macOS, and tvOS."
Spectre is a name covering two different exploitation techniques known as CVE-2017-5753 or "bounds check bypass," and CVE-2017-5715 or "branch target injection." These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.
Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5 percent on the JetStream benchmark.
Knowing Apple, those updates will be rolled out as quickly as possible and to the vast majority of users too. With iOS 11, it supports 11 iPhones, 13 iPads and the sixth-generation iPod touch.
The oldest-supported iPhone is the iPhone 5s. On the iPad front, iOS 11 works with iPads as old as the iPad mini 2 and iPad Air. All three devices were introduced in late-2013.
Image credit: Tamisclao / Shutterstock