Metldown and Spectre security risks affecting nearly every modern processor came to light last week, and now Apple has released a pair of software updates to address the Spectre vulnerability. iOS 11.2.2 and macOS High Sierra 10.13.2, while sparse in detail, are both now available for free on compatible devices.
iOS 11.2.2 for iPhone and iPad contains security fixes that aren’t fully fleshed out, but Apple does say that they affect Safari and Webkit to “mitigate the effects of Spectre.” Apple claims the Metldown vulnerability was addressed in iOS 11.2, and since there isn’t a hardware fix for Spectre, the company issued this over-the-air update to all compatible devices. iOS 11.2.2 is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. It can be downloaded by navigating to Settings > General > Software Update.
A supplemental update in macOS High Sierra 10.13.2 is available today that uses similar Safari work-arounds to address the Spectre vulnerability. Apple also previously addressed Metldown in the first update of macOS High Sierra 10.13.2. All compatible machines can download the supplemental update for free from the Mac App Store, and a Safari 11.0.2 update is available for Macs running OS X El Capitan 10.11.6 and macOS Sierra 10.12.6. The Safari update also addresses Spectre risks.
Apple released an official statement about the Meltdown and Spectre risks last week, stating that all Mac and iOS are effected but no known issues impacting customers have come to light yet. Apple had already addressed Meltdown issues in previous updates, so Spectre was the remaining vulnerability that needed fixing with these updates. To avoid issues, Apple recommends only downloading software from approved sources, such as its official App Store. The company also stated that the Apple Watch is not affected by the Meltdown and Spectre vulnerabilities.