Apple Releases New Security Updates to Protect Safari Against the Spectre Attack

Adjust Comment Print

Overnight Apple has released the latest update to their mobile OS, with iOS 11.2.2 delivering a security update that patches the Spectre security vulnerabilities.

Apple hasn't disclosed exactly what security issues are addressed by iOS 11.2.2, but we can expect to see details on Apple's security page shortly.

iOS 11.2.2 and a supplemental update for macOS High Sierra 10.13.2 have been released with that exact aim in mind.

For those technically minded, you can review the details of the security flaw that effects nearly all modern processors, over at Google's Project Zero blog.

More news: USA blocks $255 million military aid to Pakistan
More news: Arsene Wenger given three-match touchline ban
More news: Queens Man Accused Of Bringing Loaded, Stolen Handgun To JFK Airport

iOS 11.2.2 for iPhone and iPad contains security fixes that aren't fully fleshed out, but Apple does say that they affect Safari and Webkit to "mitigate the effects of Spectre". The download is now available from the App Store under "Updates".

Companies are in disagreement over the precise impact of the workarounds required to protect systems from the Meltdown and Spectre speculative execution flaws revealed earlier this month, with some pointing to a doubling of CPU time in their workloads while others claim to have seen 'negligible impact'.

Work continues on mitigating the impact of the Meltdown and Spectre vulnerabilities, including adding protections against JavaScript exploitation to web browsers. The three updates make changes to iOS, macOS and the Safari browser itself. The flaws are believed to be more complicated to exploit than other common methods. Meanwhile, Microsoft issued updates for its Windows and cloud products.

Analysis of these techniques revealed that while they are extremely hard to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser.