Apple releases iOS 11.2.2 and macOS 10.13.2 updates with Spectre fix for Safari and WebKit

This small supplemental update helps mitigate the Spectre vulnerability through Javascript.

meltdown spectre
Project Zero

Today's Best Tech Deals

Picked by Macworld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Table of Contents
Show More

Are you tired of hearing about Meltdown and Spectre yet? Well, get used to it, because the security updates keep on coming!

As we mentioned in our FAQ, Apple has already mitigated the effects of Meltdown on Macs in macOS 10.13.2, and of Spectre in iOS devices in iOS 11.2. But at the time of Apple's first announcement last week, there was still the possibility of exploiting the Spectre vulnerability through Javascript in the Safari browser. Apple promised an update to mitigate that avenue of attack was coming soon.

iOS 11.2.2 is that update. As we’ve explained before, there is no “fix” for Spectre—it’s endemic to the way nearly every modern processor with speculative execution operates. But patches can help mitigate the risk, making it much harder for Spectre to be exploited.

Fixing Safari and WebKit is especially important on iOS, where other web rendering engines are esentially forbidden. You can run other web browsers on iOS, and apps can display web pages, but they all have to use Apple's own WKWebView API to display the web content with Apple's WebKit implementation. 

In other words, this security update doesn't just fix Safari, it fixes every app that displays web content on your iOS device. So you should definitely install it immediately.

MacOS 10.13.2 supplemental update

Apple already mitigated the effects of Meltdown (which affects only Intel processors) in macOS 10.13.2. Today, about a month after that release, it is pushing out a supplemental update that mitigates the effects of Spectre in Safari and Webkit.

All you have to do to install it is launch the App Store and head to the Updates section. 

Unlike iOS, macOS does not require all web content to be displayed with Apple's own WebKit rendering engine. So, while this update will help secure Safari and apps that use the WebKit rendering engine, it will not fix other browsers you run on your Mac. If you run Firefox, make sure you update to 57.0.4 or later. An update to the Chrome browser with Spectre mitigations is expected in Chrome 64, currently scheduled for release in late January.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon