The world became aware of Meltdown and Spectre earlier this week when it became apparent that security flaws in processors from Intel, AMD, ARM and others left machines powered by those CPUs vulnerable to exploits. In the case of Meltdown, the exploit allows a user-based application to read kernel memory, meaning anything protected on your machine such as passwords, credit card info and other sensitive data is vulnerable. Spectre covers two different exploits and allows applications to read each other’s memory. None of these vulnerabilities have yet to be exploited in the wild.
Companies scrambled yesterday (Jan. 3) to release patches for Windows and Android devices, with speculation mounting that the flaws, which apply to most modern processors, impacted Apple’s devices, too. Apple had been mum on the issue until this evening when a support document confirmed that all Mac systems and iOS devices were vulnerable.
Apple’s support document outlines the steps the company has taken to address those issues. In the case of Meltdown, Apple says it released mitigations for the exploit in the iOS 11.2, macOS 10.13.2 and tvOS 11.2 updates. (watchOS isn’t affected by the security vulnerabilities, so Apple Watch users can at least breathe easy.)
Apple says it’s tested the updates and found no reduction in performance using the Geekbench 4 benchmark as well as Web browsing tests including Speedometer, JetStream and ARES-6
Apple’s Spectre fix is still to come, though those vulnerabilities are harder to exploit, according to researchers. Expect updates to Safari for iOS and macOS in the coming days that will mitigate that vulnerability, Apple says.
If you’ve got a Mac, an iPhone or Apple TV, update to the latest version of the relevant OS. In fact, if you’re fairly diligent about staying up to date on your software updates, you should have already downloaded the Meltdown mitigations. Be ready to update again when Apple comes out with its Spectre mitigation. Tom’s Guide also recommends running antivirus software on your Mac since the Meltdown and Spectre attacks only work locally, with the attack coming from within the targeted machine.
We’ll update this story with more information as it becomes available.
Compiled by Philip Michaels
Courtesy of Toms Guide