The second mass update dealing with last week’s chip-breaking bug
Apple has released three new security updates aimed at protecting Safari and WebKit from the Spectre attack. The three updates make changes to iOS, macOS, and Safari itself, but in each case, the stated goal is protecting Safari and the underlying browser engine against attacks exploiting the recently published Spectre vulnerability.
Few further details are available on the updates, although Apple’s description indicates the purpose of the updates is to protect against Spectre attacks. The researchers responsible for discovering the bug, including Google’s Jann Horn, are thanked in the acknowledgments.
It’s the second round of such updates from Apple, which confirmed on Thursday that all devices running iOS and macOS were affected. Meltdown-specific patches have already released for iOS (11.2), macOS (10.13.2), and tvOS (11.2). Browsers have been a particular focus for patching, with similar fixes already implemented in the latest versions of Chromeand Firefox.
“There are no known exploits impacting customers at this time,” Apple said in a statementon Thursday. “Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.”
Meltdown was the most urgent and easily patchable of the flaws, but other vulnerabilities have typically required patches at the processor and software level. It’s still unclear whether Apple’s A-Series processor will require a separate patch.