Apple releases iOS 11.2.2 for iPhone and iPad, supplemental macOS 10.13.2 security update ...
Escalating its response to the processor vulnerabilities revealed recently, Apple has made iOS 11.2.2 available for the iPhone and iPad, and has issued a supplementary security update for macOS High Sierra 10.13.2 to further deal with the "Meltdown" attack vector and the "Spectre" vulnerability for the first time.
Apple's release notes are sparse for the update. Users can get it through the Software Update feature of the Settings application, or install it through iTunes.
The update comes in at 75.5MB for an iPhone X, and 65.7MB on an iPhone 7 Plus.
Following the news that both Intel- and ARM-based processors can be susceptible to various hacks, Apple confirmed that all of the processors on the Mac, iPhone, and iPad were potentially vulnerable to the "Meltdown" and "Spectre" attack vectors. However, the company also declared that it had already implemented some fixes in the latest iOS and macOS releases, with more still to come.
Apple's release notes are sparse for the update. Users can get it through the Software Update feature of the Settings application, or install it through iTunes.
The update comes in at 75.5MB for an iPhone X, and 65.7MB on an iPhone 7 Plus.
Following the news that both Intel- and ARM-based processors can be susceptible to various hacks, Apple confirmed that all of the processors on the Mac, iPhone, and iPad were potentially vulnerable to the "Meltdown" and "Spectre" attack vectors. However, the company also declared that it had already implemented some fixes in the latest iOS and macOS releases, with more still to come.
Comments
Apple please get your head out of your ass!
I see your point, but it doesn't seem like that big of a deal (at least for Apple), which I’d argue is why they haven't done the same for the App Store and Software Update downloaders. In terms of a SW update this critical, but it’s also something that can surely wait until you get onto WiFi. That said, why not recommend through their official channels that they make updates—even large or non-critical updates—user-forceable via Software Update with a popover that warns the user that it will be using their cellular network.
The 30% performance hit is considered the max, and was for CPU intensive applications that utilize the OS Kernel. Where you’d see a hit that size would be things like corporate databases, and cloud providers like Amazon Cloud, Google, Microsoft Azure. For iPads and IPhones it’s unlikely any performance hit would be noticed.
The reason it’s such a big problem is because of virtualization, that where many different systems exist on the same hardware. So, the Meltdown flaw is like a backdoor into all of them. Think of one company getting infected with a virus, and immediately every company in your town leaking data.
The cloud providers are scrambling, corporate IT people are pissed because of the extra work, but lawsuits from a consumer perspective aren’t likely. Intel is probably going to offer discounts to their larger accounts, but they do that anyways.
The complaint is Apple is lazy, there is no reason to restrict these downloads to WiFi. I sneeze on the internet and use 65MB of data...
I fully expect that someone will come up with a very narrow set of specially tailored benchmarks that present a worst possible case scenario for the Meltdow/Spectre workarounds for each of the major OS platforms and try to make hay with the data. But for the other 99.9999% of computer users who run a mix of real commercial applications on their computers the impacts will likely be impossible to detect at the user interaction layer because of the probabilistic nature of the optimizations and mix of apps and services running on any given device. We'll see.
EDIT:
It seems to be Safari-based web views. Safari doesn’t work, iTunes Store doesn’t work, App Store doesn’t work. Firefox works fine.
It should be possible for networks to allow security updates to be downloaded without eating into your allowance.
This is bigger than profit, bigger than charging for data. If we don’t get an handle on these exploits and issue patches as a matter of course (schedule to download when you’re asleep for example) then we won’t be able to trust these computers that hold all our information.
It seems to be, at least on my older machine, a Safari/web view problem. Firefox works fine.
2) However, in defence of Apple, the 100MB / 250MB download limit over cellular may be set by the telco's, and not Apple. Can't confirm though, but read it more than a few times.
3) Turning off WiFi altogether has all kinds of negative impact on iOS. Things stop working, like the Photos app, even though I've set to use it over cellular unlimited.