On 01/08/2017, Apple released version 11.2.2 of their mobile operating system iOS. This update includes security improvements to Safari and WebKit to mitigate the effects of Spectre.
Installation and Compatible Devices
iOS 11.2.2 is available for download as an Over The Air (OTA) update for all:
- iPhone 5s and later
- iPad Air and later
- iPod Touch 6th Generation and later
An over-the-air update is a software update that is distributed over Wi-Fi or mobile broadband instead of requiring the user to connect the device to a computer via USB to perform the update.
The file size for this update, according to my device, is around 65.7 MB. So it’s not too big of a download.
It is also available via iTunes.
Before using either method, I highly recommend doing an iCloud backup of all your data (just in case). You can find the steps on how to do so here.
What is Spectre
Spectre is a hardware security vulnerability that forces programs on a user’s operating system (OS) to access an arbitrary location in the program’s memory space, allowing attackers to potentially steal data which is currently processed on the computer such as:
- instant messages
It was uncovered independently by two teams / parties alongside another vulnerability, Meltdown, on January 3, 2018:
1. Jann Horn from Google’s Project Zero
2. Paul Kocher in collaboration with Daniel Genkin, Mike Hamburg, Moritz Lipp and Yuval Yarom.
Its existence, however, dates to June 1, 2017, when the affected hardware vendors became aware of the issue.
There are currently two Common Vulnerabilities and Exposures IDs related to Spectre, one for each variant of the issue. These are:
1. Branch target injection: CVE-2017-5715
2. Bounds check bypass: CVE-2017-5753
Information regarding the issue is logged as:
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
How Does It Work
WebKit’s response to Spectre is a two-tiered defense:
- WebKit, as well as other browsers such as Firefox and Google Chrome, has disabled SharedArrayBuffer, since it can be used to create a high-resolution timer, and reduced timer precision from performance.now and other sources to 1ms.
- WebKit is transitioning to using branchless security checking in addition to branch-based security checking. One of the ways they’re implementing this is by using Index Masking.
Some of these changes shipped in the Jan 8 updates and more such changes will continue to land in WebKit soon enough.
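Index masking, the branchless check mentioned above, sketched in C as an added example (this is not WebKit's code and not from the original post). It assumes the common form of the technique, where the mask is the array length rounded up to a power of two, minus one, and the backing store is padded to that size; the names masked_array, index_mask, effective_index and masked_load are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    int32_t *storage;  /* holds mask + 1 elements; the padding is zero-filled */
    size_t length;     /* logical length visible to the program */
    size_t mask;       /* (power of two) - 1, covers every valid index */
} masked_array;

/* Smallest 2^k - 1 that is >= length - 1 (assumed mask rule, see lead-in). */
size_t index_mask(size_t length)
{
    size_t mask = 0;
    if (length == 0)
        return 0;
    while (mask < length - 1)
        mask = (mask << 1) | 1;
    return mask;
}

int masked_array_init(masked_array *a, size_t length)
{
    a->length = length;
    a->mask = index_mask(length);
    /* Refuse a mask whose padded size would overflow size_t. */
    a->storage = (a->mask == SIZE_MAX) ? NULL : calloc(a->mask + 1, sizeof *a->storage);
    return a->storage ? 0 : -1;
}

/* Index the load really uses, even if the bounds check below is bypassed. */
size_t effective_index(const masked_array *a, size_t index)
{
    return index & a->mask;
}

int32_t masked_load(const masked_array *a, size_t index)
{
    if (index >= a->length)  /* branch-based check: can be mispredicted */
        return 0;
    return a->storage[effective_index(a, index)];  /* branchless: data dependency */
}

int main(void)
{
    masked_array a;
    if (masked_array_init(&a, 5) != 0)
        return 1;
    a.storage[3] = 42;  /* constructed sample value */
    printf("mask=%zu load(3)=%d load(1000)=%d effective(1000)=%zu\n", a.mask,
           (int)masked_load(&a, 3), (int)masked_load(&a, 1000), effective_index(&a, 1000));
    free(a.storage);
    return 0;
}
```

A mispredicted bounds check can still let the load run speculatively, but the AND is a data dependency rather than a prediction, so the access stays inside the array's own padded allocation.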
To summarize, in order to keep your data safe you must update all compatible iOS devices.