Apple's Safari update protects devices from Spectre flaw
Posted January 8, 2018 2:14 p.m. EST
NEW YORK (CNNMoney) — Apple has released new security updates for iPhones, iPads, and Macs to protect users from a computer chip vulnerability known as Spectre.
Last week, security researchers revealed major flaws -- called Spectre and Meltdown -- in chips that affected billions of devices around the world. Tech companies, such as Microsoft, Google, Apple and others, scrambled to issue patches to prevent hackers from taking advantage of the vulnerabilities.
The latest mobile update, iOS 11.2.2, includes security improvements to Apple's Safari browser and WebKit, its software for web pages, the company said on its support page.
iPhone and iPad users are urged to update their software immediately via the device's General Settings section.
Meanwhile, Mac users can now install macOS High Sierra 10.13.2 for the same Safari fixes for laptops and desktops. The download is now available from the App Store under "Updates."
Apple said last week all of its iOS and Mac devices were affected by the flaws, and it already released updates to mitigate against Meltdown. Now, Apple users can be protected against Spectre, too.
Both flaws affect something called "speculative execution" in modern computer chips, but they can be abused in different ways. One variant of Spectre could be exploited through web browsers, which is why Apple issued fixes for Safari.
There is no evidence these flaws have been exploited.
Although companies continue to roll out fixes, experts say hackers may soon attempt to exploit the flaws on devices that haven't been updated. But it's unclear how easy it would be to do so. The flaws are believed to be more complicated to exploit than other common methods.
Google also released mitigations for its many of products, and said a fix for its Chrome browser will be available later this month. Meanwhile, Microsoft issued updates for its Windows and cloud products.
The good news is users who keep their web browsers, apps and devices up-to-date should be protected from anyone trying to exploit these vulnerabilities.