2018 kicked off with a bang security-wise due to the announcement of the serious Meltdown and Spectre flaws found in processors used by a wide range of computing devices and smartphones.
The story quickly developed from being a design flaw in Intel CPUs that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory, to also being an issue for ARM and AMD chips.
To Apple’s credit, they had already started to tackle the problems before the security issues were made public. macOS 10.13.2, released last month, mitigated the effects of Meltdown (which affects only Intel processors), and iOS 11.2 tackled Spectre for iPad and iPhone users.
But the newly released macOS High Sierra 10.13.2 and iOS 11.2.2 updates take things an important step further – closing the door on the possibility of the Spectre vulnerability being exploited through a JavaScript attack in the Safari browser.
It really is important to keep browsers patched – as they are an obvious route through which an attacker could successfully execute code on your computer. That’s one of the reasons why I am also a strong advocate of users never venturing out onto the web without the added protection of an ad blocker.
It’s your computer, it’s your sensitive information, your passwords. Opening yourself up to some of the wildness that can lurk on websites and – in particular – poisoned ads, and allowing them to run code willy-nilly is a very dangerous game to play.
Even if Meltdown and Spectre have not been actively exploited as far as we know in malicious attacks, it still makes sense to protect against the problems as well as we can.
So, iPhone and iPad users can rest a little more easily today (provided they’ve applied the update, of course!).
Which leaves me wondering about those hundreds of millions of Android users, many of whom have been neglected for years without seeing hide nor hair of a security update.
My guess is that the latest and most expensive Android devices from leading vendors will receive an update in due course, but many others will be left in the lurch.
For more discussion on this topic, be sure to listen to this episode of the Smashing Security podcast:
Smashing Security #060: 'Meltdown, Spectre, and personal devices in the White House'
Hmm, fixed for the latest macOS (High Sierra) perhaps. It is less clear whether the earlier macOS Sierra is fixed. Some users can't run High Sierra (Mac too old) or won't (have other software that would fail). Ditto iOS.
Still, at least the upgrade doesn't trash Macs, as some PCs with Microsoft's "fix".
Like our NHS found with "WannaCry", we're all in thrall to the latest releases HAVING to be spent on.
Example: my iPad 4 won't be updated beyond iOS 10.3.3, and if I want a safe and secure device to use, I'll have to fund its replacement.
Thanks!
I have the same problem with my iPhone 5 – I was recently given a retired iPhone 5 (first smartphone ever), and a friend set it up, finding that iOS 10.3.3 was as far as it could be updated. If it can't be updated, I'm stuck.
My trusty iPad running iOS 9.3.5 has no update for it. Is Apple expecting me to fund an upgrade to fix a problem of their and their supplier's making? Apple like to thank their users for their faith and trust customers put in their product, but part of me feels they betray that trust.
Of all the new paradigms that Apple could adopt, forced obsolescence through software is one that is the most insidiously antagonistic to me as an Apple user.
In bygone years, it was possible to have a reasonably stable Mac platform for about 5 years. In this case, "stable" means not having to constantly wrestle with software and hardware compatibility issues that cut into productive time. Those days are gone.
Apart from the form over function lunacy in the Mac Pro 6.1 (the “black trashcan”), there is still some stability on the hardware side. But on the software side, the Mac environment is an increasing disaster for anyone who cannot afford the inevitable chaos of a system "upgrade" in the middle of a long-term project.
Couple that with the deterioration of OS X into macOS, in which the Mac interface is persistently being dumbed down to the look and feel of iOS, and the result is that two of the Mac’s greatest strengths, historically — user configurability, and intuitive, user-friendly operation — have been thrown under the bus.
It has been obvious to any Mac user for a number of years (and presumably, the same applies to any iOS user) that part of the cost of being an Apple user is walking a tightrope between security on the one hand and stable productivity on the other.
I don’t mind upgrading my software or hardware when there’s a productivity benefit in doing so. I dislike being forced to do it on Apple’s schedule, which takes no account of my needs as a user.
Could not have put it better myself. As a Mac veteran I am desperately looking at Linux but for now am stuck with old versions of the OS because of incompatibilities.
I won't upgrade to 10.13 either as other Macs on my network won't be able to use the new file system.
I turned on my first Mac from 20 years ago recently and despite its lack of power and features it was still completely apparent that something has been lost along the way. Call it soul or spirit if you will – that feeling of sitting in front of a machine whose sole purpose is to enable you to do great things.