Apple has issued iOS 11.2.2 update, macOS high Sierra 10.13.2 update and one for Safari on Sierra and El Capitan to defend against Spectre. The Spectre design flaw was reported last week by security researchers from Google’s Project Zero team, though the flaw was actually known for more than a year. Apple Watch remains unaffected by both Meltdown and Spectre, says the company.
Where Meltdown design flaw is concerned, Apple had already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2. Apple watchOS did not require mitigation, according to the company. Apple’s iOS 11.2.2. update is around 74MB in size and simply says that it will provide a security update and is recommended for all users. Apple iOS users should install the update immediately on their devices.
Apple says the update on iOS is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. It will includes security improvements to Safari and WebKit to mitigate the effects of Spectre, explains the update page. On macOS, Apple has issued macOS High Sierra 10.13.2 Supplemental Update, which should be immediately installed on the Mac laptop or iMac. This will also update the Safari browser to version 11.0.2 and protect it against the Spectre vulnerability.
Apple’s support page for the macOS update says, “High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre.” In order to check if Safari is on the latest version on your macOS, just go open the web browser, Choose Safari > About Safari and check if this is version 11.0.2 (13604.4.7.1.6) or version 11.0.2 (13604.4.7.10.6). Apple macOS users still on Sierra and El Capitan should also update Safari to the latest version to protect against this flaw.
Spectre is the more difficult vulnerability to execute, according to researchers and they had also warned that it meant finding a fix would be more difficult. It also impacts all modern processors as Google’s Project Zero team confirmed, which means those from Intel, ARM architecture, etc. Spectre can trick secure applications into leaking crucial data and in this case it could be passwords, security questions, encrypted information, stored credit card details, etc, which could prove to be disastrous.
Apple had confirmed that all macOS, iOS and tvOS devices were impacted by both Spectre and Meltdown. While Meltdown has a higher potential of being used, the fix for this has already been issued on Apple devices.