All Mac iOS devices and systems are exposed and vulnerable to the recently discovered chip bugs known as Spectre and Meltdown, Apple confirmed on Thursday. The flaws, which as we discussed before, allow hackers unauthorized access to a computer’s memory and sensitive data, were discovered by security researchers at Google Project Zero on Wednesday. Security vulnerabilities called Meltdown and Spectre affect almost all modern CPUs, including those produced by Intel, AMD and ARM Holdings.
“All Mac systems and iOS devices are affected,” Apple acknowledged in a statement on Thursday, adding that no cases had yet been reported of customers being affected by the security flaws.
To address these security vulnerabilities, Apple users may have noticed a suspiciously timed software update released earlier this week for their iPads, MacBooks and iPhones – an update that appeared to precede news about the latest controversy involving makers of microprocessors. Intel, one of the world’s largest chipmakers, admitted that its chips contain a flaw making it easier for hackers to hoover up sensitive information like the owner’s passwords. It was later revealed that this flaw wasn’t exclusive to Intel’s chips: Indeed, it reportedly affects nearly all microprocessors in circulation, according to the New York Times.
Here’s a succinct explanation of the problems that we published earlier this week:
4. We’re dealing with two serious threats. The first is isolated to #IntelChips, has been dubbed Meltdown, and affects virtually all Intel microprocessors. The patch, called KAISER, will slow performance speeds of processors by as much as 30 percent.
5. The second issue is a fundamental flaw in processor design approach, dubbed Spectre, which is more difficult to exploit, but affects virtually ALL PROCESSORS ON THE MARKET (Note here: Intel stock went down today but Spectre affects AMD and ARM too), and has NO FIX.
Users may have been wary after reading last month about Apple admitting what was long suspected by many loyal customers: That the company intentionally engineers software updates to slow down older products, thereby hastening the cycle of planned obsolescence that has helped establish Apple as the world’s most valuable company.
But as it turns out, the software update was designed to try and plug some of the security holes resulting from Intel’s Meltdown flaw.
Specifically, Apple issued updates for the iOS 11.2, macOS 10.13.2 and tvOS 11.2 systems to protect against Meltdown, which the company believes “has the most potential to be exploited.”
According to Bloomberg, despite concern that fixes may slow down devices, Apple said its update to address the Meltdown issue haven’t dented performance. The company will release an update to its Safari web browser in coming days to defend against the Spectre flaw described above.
As noted, while Macs and iOS devices are vulnerable to Spectre attacks through code that can run in web browsers, Apple said it would issue a patch to its Safari web browser for those devices “in the coming days.” However, Apple said these steps could slow the speed of the browser by less than 2.5%.
The updates affected all iPads, iPhones, iPod touches, Mac desktops and laptops, and the Apple TV set-top-box. The Apple Watch, which runs a derivative of the iPhone’s operating system is not affected, according to the company.
Browser makers Google, Microsoft Corp and Mozilla Corp’s Firefox all told Reuters that the patches they currently have in place do not protect iOS users. With Safari and virtually all other popular browsers not patched, hundreds of millions of iPhone and iPad users may have no secure means of browsing the web until Apple issues its patch.
— Miguel de Icaza (@migueldeicaza) January 4, 2018
Still, some customers were angry at tight-lipped Apple PR’s reticence on the issue following the revelations about the chip flaws earlier this week.
Ben Johnson, co-founder and chief strategist for cyber security firm Carbon Black, said the delay in updating customers about whether Apple’s devices are at risk could affect Apple’s drive to get more business customers to adopt its hardware.
“Something this severe gets the attention of all the employees and executives at a company, and when they go asking the IT and security people about it and security doesn’t have an answer for iPhones and iPads, it just doesn’t give a whole lot of confidence,” Johnson said.
Finally, Apple stressed that there were no known instances of hackers taking advantage of the flaw to date. For Apple’s sake this better remain the case or else sellside analysts may just have to lower their iPhone sales forecasts for the foreseeable future.
* * *