Apple releases iOS 11.2.2 with security update for Safari to defend against the Spectre bug

09 Jan 2018

Apple has released iOS 11.2.2 with a security update for Safari that serves to guard against the Spectre bug.

The same fix is being used in a similar update being rolled out for macOS with the release of supplemental update to macOS High Sierra 10.13.2.

This follows Apple's confirmation last week that all macOS and iOS devices are affected by the Meltdown and Spectre vulnerabilities. Apple also released an incremental update in the form of iOS 11.2, macOS 10.13.2 and tvOS 11.2 with a patch to help defend against Meltdown. The new update being rolled out for iOS and macOS delivers the patch that defends these operating system against Spectre security flaw.

It may be pointed out that Meltdown and Spectre are two of the most critical vulnerabilities affecting computer chips ever discovered. The vulnerabilities were independently discovered by security researchers and they expose critical information such as passwords and encryption.

Meltdown, a bug, primarily affects devices using Intel chipsets while Spectre, a lesser known bug affects chipsets from Intel, AMD and ARM Holdings. Meltdown is the more serious of the two bugs revealed last week. Any attacker can use an application as a backchannel to access low-level kernel memory that is generally protected from programs and user access.

"To help defend against Spectre, Apple has released mitigations in iOS 11.2.2, the macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 for macOS Sierra and OS X El Capitan.

Apple Watch is not affected by either Meltdown or Spectre," the company said in a note posted on its support pages.

Apple had acknowledged a few days ago that Spectre and Meltdown, discovered by security researchers around June last year but disclosed publicly only in the last week of December, affected almost all Apple computers including iPhones and the Mac desktops as also laptops.