iPhone users: Upgrade to iOS 11.2.2 now if you want to be protected against Spectre

The latest iOS patch from Apple addresses the Intel chip flaw that affects every single i-device.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Apple has released iOS 11.2.2, which closes the Spectre vulnerability caused by faulty Intel chip design.
  • With the threat now patched, there's no better time to implement OS update best practices—those who fall prey to Spectre will only be those guilty of not updating.—TechRepublic

Apple has released update 11.2.2 for iOS, which addresses holes in Safari and WebKit that allow Spectre to affect iPhones, iPods, and iPads.

Spectre and Meltdown are the names for the two vulnerabilities that take advantage of the recently revealed design flaws in Intel chips that allow malicious software to read kernel memory and other mapped physical memory.

While there are no known flaws exploiting the Intel chip weaknesses on iOS, Apple's patching of Safari and WebKit is a precaution designed to eliminate future threats. Apple recommends all iOS users update their devices immediately.

What is Spectre?

Apple has said that iOS devices are vulnerable to both Spectre and Meltdown, but the latest patch, 11.2.2, only addresses Spectre, as exploits from Meltdown were patched in iOS 11.2.

Meltdown is the exploit that has the potential to slow down affected machines, though Apple has said that its testing of patches against it have revealed no performance degradation.

SEE: IT leader's guide to reducing insider security threats (Tech Pro Research)

Spectre is the half of the Intel exploit that makes data stored in kernel memory available for reading by other processes. It's the slower of the two exploits, and is less likely to be used, though if it was it could be just as devastating as Meltdown.

While Meltdown requires an app installed locally on the affected device, Spectre can read kernel memory via JavaScript running on the web, which is what this iOS patch protects against.

Another reminder to implement best practices for device updates

There has yet to be a verified report of Spectre or Meltdown being used in the wild, but given the speed with which malware coders work it's safe to assume that one or both will appear eventually.

As with other widespread exploits, those affected by Spectre and Meltdown in the coming months will be guilty of one thing: not updating their operating systems.

SEE: Guidelines for building security policies (Tech Pro Research)

It is true that the Intel flaws won't be entirely resolved until new chips have been designed, but working around software patches to attack a hardware flaw is extremely complicated. Modern cybercriminals are more apt to use malware-as-a-service that relies on unpatched exploits than to invest time and money in writing complex code—WannaCry and Petya proved that.

IT leaders need to be diligent in patching systems for well-known exploits like Spectre and Meltdown in order to prevent a repeat of 2017's massive malware outbreaks.

Also see:

About Brandon Vigliarolo

Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.

Editor's Picks

Free Newsletters, In your Inbox