All iOS and Mac devices affected by Meltdown and Spectre, Apple confirms

5 Jan 2018

Image: rzoze19/Shutterstock

It was inevitable that devices made by Californian giant Apple would also succumb to the CPU vulnerabilities striking terror across the tech world.

As the world absorbed the news that chips on practically every device made in the last decade are vulnerable to Spectre and Meltdown, the only tech giant staying quiet was Apple.

Now, the California tech giant has confirmed that it has released mitigations for macOS and iOS as well as Safari on the App Store. It said that Apple Watch is not affected.

Current updates to macOS and iOS protect against Meltdown, and Apple is working on providing better protections against Spectre.

“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” the tech giant said.

“Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.

“Apple has already released mitigations in iOS 11.2, macOS 10.13.2 and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown.

“In the coming days, we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS and watchOS,” Apple added.

What you need to know about Meltdown and Spectre

Meltdown and Spectre are what are known as exploits, vulnerabilities or weaknesses, even though they are being reported widely as bugs or flaws on central processing units (CPUs), the computer chips at the heart of every PC or smartphone.

The vulnerabilities – which exist at a hardware level – put the onus on system creators such as Apple, Microsoft and Google to release patches at an operating system level to prevent hackers from exploiting the opportunity to steal passwords, credit card numbers and other vital details.

Meltdown concerns laptops, desktop computers and internet servers that have Intel chips, and allows a rogue program to access the memory and other secrets of programs and the operating system contained in the CPU.

Spectre is an exploit that breaks the isolation between different applications on chips from Intel, AMD and ARM, and potentially allows hackers to ‘trick’ error-free programs that normally follow best practices into ‘leaking’ their secrets.

IDC estimated that there are 1.5bn PCs in use around the world today, out of which 90pc are powered by Intel processors.

The exploits were discovered by Google’s Project Zero team last June and the entire tech industry was about to embark on a coordinated response that would go public on 9 January. But someone, somewhere, blew the lid and tech giants are scrambling because the fear is that now the secret is out in the open, hackers could move fast to exploit these weaknesses.

Intel, which appears to be at the heart of the story because of the prevalence of its chips worldwide, has dismissed reportage that the weaknesses are due to any flaws on its chips, and pointed out that other chip manufacturers, such as AMD and ARM, are also vulnerable to the weakness.

The microprocessor giant said that it has begun issuing patches to combat Spectre and Meltdown, and plans to release updates for 90pc of chips made in the last five years this week.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years