Apple Patches MacOS, iOS, Safari Against Spectre Attack
Apple patched Macs and iOS devices against the Intel-based Meltdown vulnerability last week, but iDevice users had to wait until today (Jan. 8) to receive patches for the even-more-complicated Spectre flaw.
Credit: Tom's Guide
Apple users will in most cases receive notifications that the updates are ready. If not, go to the App Store on Macs and to Settings on iOS. To make sure that you're up to date, check to see if you've been updated to Safari 11.0.2 on Macs, or to iOS 11.2.2.
The Meltdown-related flaw gives applications read access to the system's core memory, or kernel, which isn't supposed to happen. Using the Meltdown attack, a malicious program could read all data put into memory by the kernel or by any other application, and thus steal passwords, images, credit-card numbers and other kinds of sensitive information.
Screen grab by Henry T. Casey/Tom's Guide
The flaw stems from the way Intel and Intel-related chips manage running memory. Intel sped up its chips beginning in 1995 by letting the kernel share some management features with applications. Nearly 23 years later, it turns out that was a bad idea.
Intel-based Macs (which is all Macs since 2006) are naturally affected, but surprisingly, so are iPhones and iPads. It turns out that Apple's 64-bit mobile chipsets, beginning with the A7 chip in 2013, share many similarities with Intel CPUs.
The Spectre-related flaws are even more complicated, but the Spectre attack essentially lets applications read each other's memory. Again, sensitive data could be compromised by malicious apps. In Spectre's case, malicious or corrupted websites could also steal date remotely from targeted machines.
Spectre affects all Intel and ARM-based chips, as well as some AMD ones. As almost all smartphones contain some ARM hardware, there was never any doubt that iPhones and iPads would be affected along with Macs.