Apple releases iOS 11.2.2  and macOS 10.13.2 updates with Spectre fix for Safari and WebKit Credit: Project Zero

Apple releases iOS 11.2.2 and macOS 10.13.2 updates with Spectre fix for Safari and WebKit

Are you tired of hearing about Meltdown and Spectre yet? Well, get used to it, because the security updates keep on coming!

As we mentioned in our FAQ, Apple has already mitigated the effects of Meltdown on Macs in macOS 10.13.2, and of Spectre in iOS devices in iOS 11.2. But at the time of Apple's first announcement last week, there was still the possibility of exploiting the Spectre vulnerability through Javascript in the Safari browser. Apple promised an update to mitigate that avenue of attack was coming soon.

iOS 11.2.2 is that update. As we’ve explained before, there is no “fix” for Spectre—it’s endemic to the way nearly every modern processor with speculative execution operates. But patches can help mitigate the risk, making it much harder for Spectre to be exploited.

Fixing Safari and WebKit is especially important on iOS, where other web rendering engines are esentially forbidden. You can run other web browsers on iOS, and apps can display web pages, but they all have to use Apple's own WKWebView API to display the web content with Apple's WebKit implementation. 

In other words, this security update doesn't just fix Safari, it fixes every app that displays web content on your iOS device. So you should definitely install it immediately.

MacOS 10.13.2 supplemental update

Apple already mitigated the effects of Meltdown (which affects only Intel processors) in macOS 10.13.2. Today, about a month after that release, it is pushing out a supplemental update that mitigates the effects of Spectre in Safari and Webkit.

All you have to do to install it is launch the App Store and head to the Updates section. 

Unlike iOS, macOS does not require all web content to be displayed with Apple's own WebKit rendering engine. So, while this update will help secure Safari and apps that use the WebKit rendering engine, it will not fix other browsers you run on your Mac. If you run Firefox, make sure you update to 57.0.4 or later. An update to the Chrome browser with Spectre mitigations is expected in Chrome 64, currently scheduled for release in late January.

IDG Insider

PREVIOUS ARTICLE

«Samsung Micro LED explained

NEXT ARTICLE

Dell's XPS 15 2-in-1 battles Apple with Radeon Vega graphics and a maglev keyboard»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

If it were legal, would your organization hack back?