- APPLE SECURITY UPDATE 10.13.2 FOR SPECTRE PATCH
- APPLE SECURITY UPDATE 10.13.2 FOR SPECTRE SOFTWARE
- APPLE SECURITY UPDATE 10.13.2 FOR SPECTRE CODE
“A JavaScript attack being able to pull memory contents of the browser and could result in pulling credentials and session keys, which bypasses a lot of a lot of security protections,” said Jimmy Graham, director of product management at Qualys in a previous interview with Threatpost.Īpple is not releasing any additional technical details of the patches, including what – if any – penalty patches may have on device performance.
APPLE SECURITY UPDATE 10.13.2 FOR SPECTRE CODE
Last week Mozilla, along with Microsoft and Google, updated the code in their browsers to increase them time it takes to execute certain Java commands that could exploit the Spectre flaws, making it exponentially harder – but not impossible – to exploit. Spectre opens up certain types of remote attack scenarios such as browser-based attacks, according to researchers. A Meltdown attack scenario requires an attacker to already have a foothold on the targeted system. There is also a greater sense of urgency with Spectre. Apple released the original version of macOS 10.13.
The supplemental security update likely addresses the Spectre flaw that affected Safari and may contain further mitigations for Meltdown. But, at the same time, it will also be harder to patch. Apple has released an update to macOS High Sierra for all Macs running macOS 10.13.2. iOS 11.2.2 is for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.Īccording to experts, the Spectre vulnerability, variant is much more difficult attack to carry out than Meltdown because it breaks the isolation between different applications. The macOS High Sierra 10.13.2 supplemental update includes security updates for Safari and WebKit. The updates “includes security improvements” to mitigate the two known methods for exploiting Spectre identified as variants “bounds check bypass” ( CVE-2017-5753/Spectre/variant 1) and “branch target injection” ( CVE-2017-5715/Spectre/variant 2).Īpple said the Safari 11.0.2 update is available for OS X El Capitan 10.11.6 and macOS Sierra 10.12.6. Monday’s three updates include macOS High Sierra 10.13.2 supplemental, Safari 11.0.2, and iOS 11.2.2. Safari 11.0.2 mitigates the Spectre bug for older Mac software. Apple previously released mitigations against Meltdown with updates that included iOS 11.2, macOS and tvOS 11.2. Todays iOS 11.2.2 and 10.13.2 Supplemental Update fixed Spectre. This is the second update for Apple since last week’s revelation of the massive processor vulnerabilities, Meltdown and Spectre, impacting CPU’s worldwide. of your screen and check whether your system has been updated to macOS 10.13.2.
APPLE SECURITY UPDATE 10.13.2 FOR SPECTRE SOFTWARE
A macOS High Sierra 10.13.2 supplemental update was also released to bolster Spectre defenses in Apple’s Safari browser and WebKit, the web browser engine used by Safari, Mail, and App Store. Apple has already released software updates for all affected devices.
APPLE SECURITY UPDATE 10.13.2 FOR SPECTRE PATCH
Apple released iOS 11.2.2 software Monday for iPhones, iPads and iPod touch models that patch for the Spectre vulnerabilities.
0 kommentar(er)
