Published on: 09 January 2018
On 8 January 2018, Apple released security updates in its latest iOS version 11.2.2 to address the Spectre CPU security issues identified in various iOS devices. The security issues abuse the speculative execution feature of modern microprocessors to make data stored in the memory of one running process accessible to another unprivileged process (e.g. a malicious program). Exploiting the security issues requires a specially crafted web page to be opened on the affected device.
Users are advised to take immediate action to patch the affected iOS devices, as the well-known Spectre CPU issues carry elevated risks.
A successful attack could lead to arbitrary code execution, elevation of privilege, or information disclosure.
The product vendor has released iOS 11.2.2 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/en-hk/HT208401
https://www.hkcert.org/my_url/zh/alert/18010401
https://www.us-cert.gov/ncas/current-activity/2018/01/08/Apple-Releases-Multiple-Security-Updates
https://spectreattack.com/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753