Spectre vulnerability logo

Apple has released today security updates to mitigate the effects of the Spectre vulnerability that affects processors deployed with Apple devices such as smartphones, tablets, and desktop computers.

The patches mitigate two security bugs (CVE-2017-5753 and CVE-2017-5715) collectively referred to as Spectre.

Apple released macOS High Sierra 10.13.2, iOS 11.2.2, and Safari 11.0.2, all which include mitigations for Spectre.

The company previously patched the Meltdown flaw (CVE-2017-5753) in December 2017 with the release of iOS 11.2, macOS 10.13.2, and tvOS 11.2.

Meltdown and Spectre are two vulnerabilities that affect almost all modern processors. Meltdown only affects Intel CPUs, while Spectre affects processors from Intel, AMD, and ARM.

Both allow attackers to retrieve data from a device's processor memory, both from the secure area of the kernel, but also from other apps running on the PC.

A Google security expert found these flaws based on his work and by research published by multiple other academics. Google disclosed the existence of these CPU flaws last week.

Shortly after Google's disclosure, Apple issued a press release revealing it secretly patched Meltdown and promised to release security updates to mitigate Spectre this week.

Users should not ignore today's updates as Spectre is the only flaw of the two that can also be exploited remotely, via JavaScript code hidden on a web page.

Linux, Microsoft, Mozilla, Cisco, and many other hardware and software vendors released updates or mitigation advice. You can find a complete list here.