Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals
13 comments

Apple Releases Meltdown and Spectre Info and Updates

The tech world has been abuzz with discussion of Meltdown and Spectre, massive “speculative execution” security vulnerabilities recently discovered in the CPUs used by nearly all modern computing devices, including the Intel CPUs used in Macs and the ARM-based CPUs in iOS devices. Ars Technica has a good explanation of the problem and overview of the response from different companies.

Late last week, Apple posted a support note explaining the situation from the company’s perspective. In short, Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and claims that its changes resulted in no measurable reduction in performance. (Initial speculation suggested that blocking these vulnerabilities could cause a 5 to 30 percent performance hit.)

In that statement, Apple said that an upcoming release of Safari would mitigate the Spectre exploits with only a minimal performance impact. The company wasted no time, pushing out iOS 11.2.2, macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 (for OS X 10.11.6 El Capitan and 10.12.6 Sierra). All three updates “include security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).”

We strongly recommend installing these updates immediately, since the Spectre exploits can be implemented in JavaScript — in other words, any Web page could theoretically become a conduit to your computer or device being compromised.

On the Mac, it’s equally as important to make sure you’re running the latest version of Google Chrome (which updates itself; just quit and relaunch) and Firefox, along with any other Web browsers you use. Both Google and Mozilla have released interim updates and have more significant releases scheduled for the fourth week in January.

Apple says that the Apple Watch is unaffected by both Meltdown and Spectre.

All these updates are good, but note the word “mitigate” in Apple’s security notes, rather than the company’s usual “addressed” terminology. Spectre, in particular, is a subtle vulnerability, and we’ll likely be seeing additional protections worked into software over time.

In other words, staying up to date with the latest security updates from Apple is becoming ever more essential.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 28 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About Apple Releases Meltdown and Spectre Info and Updates