meltdownspectre100745817orig

Apple releases iOS 11.2.2 and macOS 10.13.2 updates with Spectre fix for Safari and WebKit

Are you tired of hearing about Meltdown and Spectre yet? Well, get used to it, because the security updates keep on coming!

As we mentioned in our FAQ, Apple has already mitigated the effects of Meltdown on Macs in macOS 10.13.2, and of Spectre in iOS devices in iOS 11.2. But at the time of Apple's first announcement last week, there was still the possibility of exploiting the Spectre vulnerability through Javascript in the Safari browser. Apple promised an update to mitigate that avenue of attack was coming soon.

iOS 11.2.2 is that update. As we’ve explained before, there is no “fix” for Spectre—it’s endemic to the way nearly every modern processor with speculative execution operates. But patches can help mitigate the risk, making it much harder for Spectre to be exploited.

Fixing Safari and WebKit is especially important on iOS, where other web rendering engines are esentially forbidden. You can run other web browsers on iOS, and apps can display web pages, but they all have to use Apple's own WKWebView API to display the web content with Apple's WebKit implementation. 

In other words, this security update doesn't just fix Safari, it fixes every app that displays web content on your iOS device. So you should definitely install it immediately.

MacOS 10.13.2 supplemental update

Apple already mitigated the effects of Meltdown (which affects only Intel processors) in macOS 10.13.2. Today, about a month after that release, it is pushing out a supplemental update that mitigates the effects of Spectre in Safari and Webkit.

All you have to do to install it is launch the App Store and head to the Updates section. 

Unlike iOS, macOS does not require all web content to be displayed with Apple's own WebKit rendering engine. So, while this update will help secure Safari and apps that use the WebKit rendering engine, it will not fix other browsers you run on your Mac. If you run Firefox, make sure you update to 57.0.4 or later. An update to the Chrome browser with Spectre mitigations is expected in Chrome 64, currently scheduled for release in late January.

IDG Insider

PREVIOUS ARTICLE

« Samsung Micro LED explained

NEXT ARTICLE

Amazon's Alexa app headed to Windows PCs, exposing Cortana's smart-home weakness »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Poll

Do you think your smartphone is making you a workaholic?