Apple Releases iOS 11.2.2 And macOS 10.13.2 Security Updates To Counter Dangerous Spectre Exploit

Late last week, Apple confirmed that its iOS-based iPhones and iPads along with its Mac computers are vulnerable to the Meltdown and Spectre exploits (which we have covered in great detail over the past week). At the time, Apple confirmed that it silently introduced “mitigations” in previous updates to iOS, macOS and tvOS to help better defend against the Meltdown vulnerability.

"In the coming days we plan to release mitigations in Safari to help defend against Spectre," said Apple on Friday. "We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, and tvOS."

True to its word, Apple today released two new updates: one for iOS and one for macOS. iOS 11.2.2 brings further fortifications for the mobile operating system against the Spectre vulnerability, and is available right now to all supported devices (iPhone 5s and newer, iPad Air and newer).

The support document specifically states that "iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)." Likewise, the macOS High Sierra 10.13.2 Supplemental Update uses similar language with regard to stamping out the Spectre threat.

In last week's update, Apple gave this guidance with respect to its Spectre patch:

"Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark."

The Spectre security update for iOS and macOS can be accessed by using the Software Update mechanism in the respective operating systems.