Apple says Meltdown and Spectre flaws affect all Mac and iOS devices

Updates to protect against Meltdown flaw available for supported iPhone, iPad, Mac computers and Apple TV devices, with more protections being developed

Apples iPhones, iPads and Mac computers are all vulnerable to the major processor flaws revealed on Wednesday, the company has warned, but it says updates are already available.

The flaws known as Meltdown and Spectre affect almost every modern computing device from all manufacturers using chip designs from Intel, AMD and ARM. Apple uses Intel processors in its Mac computers and ARM-based designs for its A-series processors used in the iPhone, iPad, Apple TV and Apple Watch lines.

Q&A

What can I do about the Meltdown and Spectre flaws?

Users can do little to avoid the security flaws apart from update their computers with the latest security fixes as soon as possible. Fixes for Linux and Windows are already available. Chromebooks updated to Chrome OS 63, which started rolling out in mid-December, are already protected.

Android devices running the latest security update, including Googles Nexus and Pixel smartphones, are already protected. Updates are expected to be delivered soon. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus.

An update from Apple on what is needed for its Mac computers and iOS devices is expected.

Apple said: All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.

The company advised customers to download software only from trusted sources such as its iOS and Mac App Stores to help prevent hackers from being able to use the processor vulnerabilities.

In a support document, Apple said that iOS 11.2 released on 13 December, macOS 10.13.2 released on 6 December and tvOS 11.2 released on 4 December all protect against Meltdown for supported devices and that WatchOS did not need updating.

Apple said it was developing protections against the Spectre flaw for its Safari browser for iOS and macOS, and would release them in the coming days to help stop potential exploitation via JavaScript running in the browser from a website.

Apple said: Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark.

Users of Apple products are urged to update their devices with the latest software if they have not already. iOS 11.2 supports the iPhone 5S and newer, iPad Air and newer and the sixth generation iPhone Touch. MacOS 10.13.2 supports the iMac and MacBook from late 2009 or newer, the MacBook Pro, Mac Mini and Mac Pro from mid-2010 or newer and the MacBook Air from late 2010 or newer.

The Meltdown and Spectre flaws were discovered by security researchers at Googles Project Zero in conjunction with academic and industry researchers from several countries. The details of the flaws were reported in June but were not made public until this week as developers scrambled behind the scenes to create fixes for the flaws and prevent their malicious use.

Read more: https://www.theguardian.com/technology/2018/jan/05/apple-mac-spectre-meltdown-iphone-ipad-hackers