Apple Patches MacOS, iOS, Safari Against Spectre Attack

Apple patched Macs and iOS devices against the Intel-based Meltdown vulnerability last week, but iDevice users had to wait until today (Jan. 8) to receive patches for the even-more-complicated Spectre flaw.

Credit: Tom's GuideCredit: Tom's Guide

The patches fix the Safari browser on OS X 10.11 El Capitan and macOS 10.12 Sierra, and macOS 10.13 High Sierra and iOS 11 overall. Spectre is generally pretty hard to exploit, but tests have shown that browsers are vulnerable to Spectre-based JavaScript attacks.

Apple users will in most cases receive notifications that the updates are ready. If not, go to the App Store on Macs and to Settings on iOS. To make sure that you're up to date, check to see if you've been updated to Safari 11.0.2 on Macs, or to iOS 11.2.2. 

MORE: Meltdown and Spectre: How to Protect Your PC, Mac and Phone

The Meltdown-related flaw gives applications read access to the system's core memory, or kernel, which isn't supposed to happen. Using the Meltdown attack, a malicious program could read all data put into memory by the kernel or by any other application, and thus steal passwords, images, credit-card numbers and other kinds of sensitive information.

Screen grab by Henry T. Casey/Tom's GuideScreen grab by Henry T. Casey/Tom's Guide

The flaw stems from the way Intel and Intel-related chips manage running memory. Intel sped up its chips beginning in 1995 by letting the kernel share some management features with applications. Nearly 23 years later, it turns out that was a bad idea.

Intel-based Macs (which is all Macs since 2006) are naturally affected, but surprisingly, so are iPhones and iPads. It turns out that Apple's 64-bit mobile chipsets, beginning with the A7 chip in 2013, share many similarities with Intel CPUs.

The Spectre-related flaws are even more complicated, but the Spectre attack essentially lets applications read each other's memory. Again, sensitive data could be compromised by malicious apps. In Spectre's case, malicious or corrupted websites could also steal date remotely from targeted machines.

Spectre affects all Intel and ARM-based chips, as well as some AMD ones. As almost all smartphones contain some ARM hardware, there was never any doubt that iPhones and iPads would be affected along with Macs.

Best Mac Antivirus Software

Create a new thread in the iPhone forum about this subject
This thread is closed for comments
No comments yet
Comment from the forums
    Your comment