Technology

Apple Issues iOS 11.2.2 Update To Fix Spectre Vulnerability In Safari

Just days after confirming that all the Macs, iPhones, and iPads were vulnerable to the recently revealed Spectre and Meltdown vulnerabilities, Apple has pushed out the iOS 11.2.2 update to address the flaws. Spectre and Meltdown affect almost all computers on the planet running processors from Intel, AMD, and ARM. The iPhones and iPads use Apple’s custom processors, but they are based on ARM’s technology.

iOS 11.2.2 Update
Image Source: Apple.com (screenshot)

iOS 11.2.2 update, macOS High Sierra 10.13.2 available for download

The iOS 11.2.2 update is available for download on all iPhones, iPads, and iPod Touch devices compatible with iOS 11. Apple has also released the macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 for macOS Sierra and OS X El Capitan. The Cupertino company has said earlier that Apple Watch is not affected by the Meltdown or Spectre bugs.

You can download and install the iOS 11.2.2 update right now by going to Settings > General > Software Update. The update is nearly 76MB in size, so you might want to be connected to a WiFi network before downloading it. Your device should be plugged in or have at least 50% battery charge to install it. The iOS 11.2.2 is the ninth update to the iOS 11 since its release in September.

Soon after the Spectre and Meltdown bugs were made public, Apple told users that all the Mac and iOS devices were affected by the vulnerabilities. Since exploiting the bugs requires a malicious app to be loaded on your device, the company told users at the time that they should download apps only from trusted sources such as the App Store.

The hardware-based bugs allow hackers to take advantage of the speculative execution mechanism of processors to gain access to sensitive data. Apple had addressed the Meltdown in the iOS 11.2 update, and had promised to bring a mitigation for Spectre. The latest iOS 11.2.2 update addresses Spectre via Safari browser and WebKit-based software workarounds because there is no direct hardware fix for the bug.

If you haven’t already done it, download the update on your iPhone, iPad, or Mac right now. If you are even a little concerned about data security, do not skip the latest updates. If you have a MacBook, install the macOS High Sierra 10.13.2; and if you have an iPhone or iPad, check for the iOS 11.2.2. update in the Software Update section of Settings. 

If you don’t install the updates, your sensitive data is at risk

Security researchers at Google’s Project Zero, University of Pennsylvania, University of Maryland, and other institutions had apprised chipmakers of the serious flaws in their processors way back in June last year. But the Spectre and Meltdown vulnerabilities were not made public until the last week of December. It gave chipmakers such as Intel, AMD, and ARM some time to look into the loopholes and come up with a fix. ARM’s technology is used by Apple, Samsung, Qualcomm and many others.

Just weeks before the Spectre and Meltdown bugs were made public, Intel CEO Brian Krzanich sold millions of dollars worth of shares of Intel stock. The timing of the massive sale raised serious questions considering Krzanich was aware of the bugs that affected every single chip made by Intel.

The vulnerabilities allow hackers to inject code into a PC, Mac or smartphone. The code can read data in a chip’s memory even if that data belongs to another process. It means hackers could write codes and inject them into your device to steal your passwords and other confidential information. Google’s Project Zero researcher Jann Horn had demonstrated how people with malicious intentions could take advantage of the speculative execution to access data “that should have been inaccessible” including “passwords, encryption keys, or sensitive information open in applications.”

If the iPhones and Macs are affected by the Spectre and Meltdown bugs, there is a high chance Android phones are also vulnerable to the bugs. It’s just that most Android vendors are not talking about it.

Both the Meltdown and Spectre bugs pose a serious risk, but they are incredibly complex. Hackers are more likely to target the systems of large corporations, government organizations, cloud services like Google Cloud and Amazon Web Services, and spy agencies. Amazon and Google have already patched their cloud services to safeguard against the Spectre and Meltdown vulnerabilities.