Spectre Meltdown

Apple releases iOS 11.2.2 and macOS 10.13.2 updates with Spectre fix for Safari and WebKit

Life
(Image: IDGNS)

9 January 2018

Tired of hearing about Meltdown and Spectre yet? Well, get used to it, because the security updates keep on coming.

Apple has already mitigated the effects of Meltdown on Macs in macOS 10.13.2, and of Spectre in iOS devices in iOS 11.2. But at the time of Apple’s first announcement last week, there was still the possibility of exploiting the Spectre vulnerability through Javascript in the Safari browser. Apple promised an update to mitigate that avenue of attack was coming soon.

iOS 11.2.2 is that update. There is no fix for Spectre – it’s endemic to the way nearly every modern processor with speculative execution operates but patches can help mitigate the risk, making it much harder for Spectre to be exploited.

Fixing Safari and WebKit is especially important on iOS, where other Web rendering engines are esentially forbidden. You can run other browsers on iOS, and apps can display web pages, but they all have to use Apple’s own WKWebView API to display the web content with Apple’s WebKit implementation.

In other words, this security update doesn’t just fix Safari, it fixes every app that displays Web content on your iOS device. So you should definitely install it immediately.

MacOS 10.13.2 supplemental update
Apple already mitigated the effects of Meltdown (which affects only Intel processors) in macOS 10.13.2. Today, about a month after that release, it is pushing out a supplemental update that mitigates the effects of Spectre in Safari and Webkit.

All you have to do to install it is launch the App Store and head to the Updates section.

Unlike iOS, macOS does not require all web content to be displayed with Apple’s own WebKit rendering engine. So, while this update will help secure Safari and apps that use the WebKit rendering engine, it will not fix other browsers you run on your Mac. If you run Firefox, make sure you update to 57.0.4 or later. An update to the Chrome browser with Spectre mitigations is expected in Chrome 64, currently scheduled for release in late January.

IDG News Service

Read More:


Back to Top ↑

TechCentral.ie