![]() However, according to Apple, the vulnerability is "very difficult to exploit" but can be done via Javascript. There are three CVE's assigned to these issues:ĬVE-2017-5753 and CVE-2017-5715 are assigned to Spectre. Looking at the CVEs assigned to this particular vulnerability, * we can get listing of the issues that should be addressed by Apple when they decide to issue a security patch: However, with a little detective work, we can gain some insight. Security expert, noted a fix was present in a new 10.13.3 update to While Apple has yet to comment on the flaw, Alex Ionescu, Windows So, the comment in the linked article, should be viewed with (little) skepticism: ![]() ![]() About Apple security updatesįor our customers' protection, Apple doesn't disclose, discuss, orĬonfirm security issues until an investigation has occurred and (Support Article HT208394) Note that Spectre cannot be "patched", only more difficult to execute.Īs posted in another, similar security related post, it's Apple's policy to not comment on security vulnerabilities until they are patched, and even when they do, they are often quite vague about it. (Support Article HT208331) SpectreĪs of January 8th, Apple has released updates for Safari on macOS and iOS to minimize the effectiveness of Spectre. Apple patched CVE-2017-5754 (Meltdown) in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |