![]() ![]() WebKit is affected because in order to render modern web sites, any web JavaScript engine must allow untrusted JavaScript code to run on the user’s processor,” WebKit developers said. “Spectre impacts WebKit directly. “To initiate a Spectre- or Meltdown-based attack, the attacker must be able to run code on the victim’s processor. ![]() ![]() “Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark,” Apple said last week.Īpple believes the Meltdown technique, which relies on a vulnerability tracked as CVE-2017-5754, has the most potential for exploitation.Īs for the WebKit engine, which is used by Safari, Mail and the App Store, its developers have explained why it's impacted by Spectre and Meltdown. Apple Watch is not vulnerable to either of the attack methods.Īpple’s analysis showed that the Spectre vulnerabilities “are extremely difficult to exploit,” even by a local app running on iOS or macOS, but the company warned that remote exploitation via JavaScript running in the browser is possible. Mitigations for the Meltdown attack were rolled out by Apple, before the flaws were disclosed, with the release of iOS 11.2, macOS 10.13.2 and tvOS 11.2. The latest updates address the Spectre vulnerabilities, specifically CVE-2017-5753 and CVE-2017-5715. The Safari improvements are also included in version 11.0.2 of Apple’s web browser. Updates released by Apple on Monday for iOS, macOS and Safari should mitigate the effects of the vulnerabilities exploited by the recently disclosed attack method named Spectre.Īpple informed customers that iOS 11.2.2 and macOS High Sierra 10.13.2 Supplemental Update include security improvements for Safari and WebKit. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |