Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Apple has released iOS 11.2.2, which closes the Spectre vulnerability caused by faulty Intel chip design.
- With the threat now patched, there's no better time to implement OS update best practices—those who fall prey to Spectre will only be those guilty of not updating.—TechRepublic
Apple has released update 11.2.2 for iOS, which addresses holes in Safari and WebKit that allow Spectre to affect iPhones, iPods, and iPads.
Spectre and Meltdown are the names for the two vulnerabilities that take advantage of the recently revealed design flaws in Intel chips that allow malicious software to read kernel memory and other mapped physical memory.
While there are no known exploits targeting the Intel chip weaknesses on iOS, Apple's patching of Safari and WebKit is a precaution designed to eliminate future threats. Apple recommends all iOS users update their devices immediately.
What is Spectre?
Apple has said that iOS devices are vulnerable to both Spectre and Meltdown, but the latest patch, 11.2.2, only addresses Spectre, as exploits from Meltdown were patched in iOS 11.2.
Meltdown is the exploit that has the potential to slow down affected machines, though Apple has said that its testing of patches against it has revealed no performance degradation.
Spectre is the half of the Intel exploit that makes data stored in kernel memory available for reading by other processes. It's the slower of the two exploits, and is less likely to be used, though if it were, it could be just as devastating as Meltdown.
Another reminder to implement best practices for device updates
There has yet to be a verified report of Spectre or Meltdown being used in the wild, but given the speed with which malware coders work, it's safe to assume that one or both will appear eventually.
As with other widespread exploits, those affected by Spectre and Meltdown in the coming months will be guilty of one thing: not updating their operating systems.
It is true that the Intel flaws won't be entirely resolved until new chips have been designed, but working around software patches to attack a hardware flaw is extremely complicated. Modern cybercriminals are more apt to use malware-as-a-service that relies on unpatched exploits than to invest time and money in writing complex code—WannaCry and Petya proved that.
IT leaders need to be diligent in patching systems for well-known exploits like Spectre and Meltdown in order to prevent a repeat of 2017's massive malware outbreaks.
Brandon Vigliarolo has nothing to disclose. He does not hold investments in the technology companies he covers.
Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.