Apple outs iOS 11.2.2 and macOS 10.13.2 supplemental update to mitigate Spectre vulnerability
Apple has already confirmed that Macs and iOS devices are affected by the recently disclosed Meltdown and Spectre vulnerabilities that have taken the tech world by storm in the past few days. And while the company has already applied patches to mitigate Meltdown (in Apple iOS 11.2.2 and macOS 10.13.2), today it’s time for a couple of software updates to go out in order to address Spectre.
iOS 11.2.2 and a supplemental update for macOS High Sierra 10.13.2 have been released with that exact aim in mind. Both of these are already available to download and install onto supported devices. Safari has been bumped to 11.0.2 on macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 for the same purpose.
The iOS 11.2.2 update can be downloaded for free on all eligible devices over-the-air in the Settings app. To access the update, go to Settings > General > Software Update.
It’s important to note that Spectre is being mitigated, not fixed, with these Safari-based workarounds, because it’s a problem with modern CPU architecture and not a software issue. It’s a hardware-based exploit that takes advantage of the processor’s speculative execution mechanism, potentially allowing hackers to gain access to sensitive information.
The iOS 11.2.2 update includes further fixes for the “Meltdown” and “Spectre” vulnerabilities that came to light last week. Meltdown and Spectre are serious hardware-based vulnerabilities that take advantage of the speculative execution mechanism of a CPU, allowing hackers to gain access to sensitive information.
While Meltdown was addressed in the iOS 11.2 update, Apple said it would introduce a mitigation for Spectre early this week. There is no hardware fix for Spectre, so Apple is addressing the vulnerability using Safari-based software workarounds. From Apple’s security support document:
iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Description: iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).
macOS High Sierra 10.13.2 is a free update for all customers who have a compatible machine. The update can be downloaded using the Software Update function in the Mac App Store.
macOS High Sierra 10.13.2 addresses the “Spectre” vulnerability that was publicized last week. Spectre and its sister vulnerability “Meltdown” are serious hardware-based exploits that take advantage of the speculative execution mechanism of a CPU, allowing hackers to gain access to sensitive information.
While Meltdown was addressed in the initial macOS High Sierra 10.13.2 update, Apple said it would introduce a mitigation for Spectre in macOS and iOS early this week. There is no hardware fix for Spectre, so Apple is addressing the vulnerability using Safari-based software workarounds.
There’s also a Safari 11.0.2 update available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 that is designed to mitigate the effects of the Spectre vulnerability. Customers running macOS Sierra and OS X El Capitan should download the new version of Safari to make sure their machines are protected.