Few further details are available on the updates, although Apple’s description indicates the goal of the updates is to protect against Spectre attacks.
A few days ago, Apple had acknowledged that Spectre and Meltdown, discovered by security researchers around June previous year but disclosed publicly only in the last week of December, affected nearly all Apple computers.
To Apple’s credit they had already started to tackle the problems before the security issues were made public. The technology giant also released software updates for its Mac, Apple TV and Apple Watch.
The patches fix the Safari browser on OS X 10.11 El Capitan and macOS 10.12 Sierra, and macOS 10.13 High Sierra and iOS 11 overall.
Both flaws affect something called “speculative execution” in modern computer chips, but they can be abused in different ways.
Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or “rogue data cache load”. If a hacker were able to take advantage of it, Meltdown could give them access to the most secret areas of memory sitting between the operating system and the programs it runs.
All Apple Mac and iOS products are subject to these Meltdown and Spectre attack methods, according to an announcement today by Apple, although “there are no known exploits impacting customers at this time”, it added. It turns out that Apple’s 64-bit mobile chipsets, beginning with the A7 chip in 2013, share many similarities with Intel CPUs. It’s only when you head to its support page does the company say that the upgrade includes security improvements to Safari and WebKit to mitigate the effects of Spectre. Even though the threats have been mitigated, Apple still warns against installing apps from unknown publishers.
As always, it is recommended that you only install apps from trusted sources like the AppStore to avoid potential exploits from malicious apps.