Apple Releases Security Update to Protect Against The Spectre Flaw
Apple has released three new security updates aimed at protecting Safari and WebKit from the Spectre attack. The three updates make changes to iOS, macOS, and Safari itself, but in each case, the stated goal is protecting Safari and the underlying browser engine against attacks exploiting the recently published Spectre vulnerability.
The latest mobile update, iOS 11.2.2, includes security improvements to Apple’s Safari browser and WebKit, its software for web pages, the company said on its support page. iPhone and iPad users are urged to update their software immediately via the device’s General Settings section.
Meanwhile, Mac users can now install macOS High Sierra 10.13.2 for the same Safari fixes for laptops and desktops. The download is now available from the App Store under “Updates.”
The update comes less than a week after news broke that. Researchers also found that most Intel chips have a second variation of the vulnerability, called Meltdown. The revelation of the flaws has been followed by a flurry of announcements by chip-makers, computer manufacturers and cloud service providers reassuring customers that they are finding ways to prevent hackers from using them.
Both flaws affect something called “speculative execution” in modern computer chips, but they can be abused in different ways. One variant of Spectre could be exploited through web browsers, which is why Apple issued fixes for Safari.