Apple Patches MacOS, iOS, Safari Against Spectre Attack

Apple patched Macs and iOS devices against the Intel-based Meltdown vulnerability last week, but iDevice users had to wait until today (Jan. 8) to receive patches for the even-more-complicated Spectre flaw.

Credit: Tom's Guide

(Image credit: Tom's Guide)

The patches fix the Safari browser on OS X 10.11 El Capitan and macOS 10.12 Sierra, and macOS 10.13 High Sierra and iOS 11 overall. Spectre is generally pretty hard to exploit, but tests have shown that browsers are vulnerable to Spectre-based JavaScript attacks.

Apple users will in most cases receive notifications that the updates are ready. If not, go to the App Store on Macs and to Settings on iOS. To make sure that you're up to date, check to see if you've been updated to Safari 11.0.2 on Macs, or to iOS 11.2.2. 

MORE: Meltdown and Spectre: How to Protect Your PC, Mac and Phone

The Meltdown-related flaw gives applications read access to the system's core memory, or kernel, which isn't supposed to happen. Using the Meltdown attack, a malicious program could read all data put into memory by the kernel or by any other application, and thus steal passwords, images, credit-card numbers and other kinds of sensitive information.

Screen grab by Henry T. Casey/Tom's Guide

Screen grab by Henry T. Casey/Tom's Guide

The flaw stems from the way Intel and Intel-related chips manage running memory. Intel sped up its chips beginning in 1995 by letting the kernel share some management features with applications. Nearly 23 years later, it turns out that was a bad idea.

Intel-based Macs (which is all Macs since 2006) are naturally affected, but surprisingly, so are iPhones and iPads. It turns out that Apple's 64-bit mobile chipsets, beginning with the A7 chip in 2013, share many similarities with Intel CPUs.

The Spectre-related flaws are even more complicated, but the Spectre attack essentially lets applications read each other's memory. Again, sensitive data could be compromised by malicious apps. In Spectre's case, malicious or corrupted websites could also steal date remotely from targeted machines.

Spectre affects all Intel and ARM-based chips, as well as some AMD ones. As almost all smartphones contain some ARM hardware, there was never any doubt that iPhones and iPads would be affected along with Macs.

Best Mac Antivirus Software

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
How to delete TikTok
TikTok has rolled out a vital new security feature — here's how to use it
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Thursday, March 20 (#648)
A phone with the Plex logo in front of an out-of-focus background of movie posters
Yikes! Plex is getting a price hike and this key feature is going behind a pay wall
back of Iris Pixel 9a
Google Pixel 9a pre-orders delayed due to 'component quality issue' — here's when you can get one
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Sony A95K QD-OLED TV in front of windows in a living room
This new TV breakthrough looks like a game-changer for OLED TVs
Apple iPhone 16 & 16 Plus hands-on.
Forget USB-C — a truly portless iPhone just got the all-clear from the EU