'Meltdown' & 'Spectre' flaws affect all Macs and iOS devices - Apple

5 Jan, 2018 09:19 / Updated 7 years ago

All Mac systems and iOS devices are vulnerable to the recently discovered security flaws known as Spectre and Meltdown, Apple has confirmed. The tech giant said that mitigations are on the way and some have been already issued.

The flaws, which allow hackers unauthorized access to a computer’s memory and sensitive data, were discovered by security researchers at Google Project Zero on Wednesday. Security vulnerabilities called Meltdown and Spectre affect almost all modern CPUs, including those produced by Intel, Advanced Micro Devices (AMD) and ARM Holdings.

“All Mac systems and iOS devices are affected,” Apple acknowledged in a statement on Thursday, adding that no cases had yet been reported of customers being affected by the security flaws.

Apple has issued updates for the iOS 11.2, macOS 10.13.2 and tvOS 11.2 systems to protect against Meltdown, which the company believes “has the most potential to be exploited.” The tech giant added that Apple Watch is not affected by the flaw, which allows hackers to “melt” security boundaries between user applications and the operating system.

Patches to protect users from another vulnerability, Spectre, are expected to be released “in coming days.” While the flaw’s techniques “are extremely difficult to exploit,” it can still potentially affect devices in JavaScript running in a web browser, according to Apple. Spectre can be used by hackers to dissolve the barrier that separates different applications and trick otherwise error-free applications into leaking information stored in their memory.

Both security flaws require a malicious app to be loaded on the device operating on Mac systems or iOS, so the general recommendation from Apple is to avoid downloading software from suspicious sources and use only trusted ones such as the App Store.