Apple: all iOS and Mac devices are vulnerable to Meltdown and Spectre chip bugs
Apple has confirmed that all of its Macs, iPhones and iPads are affected by the recently revealed Meltdown and Spectre vulnerabilities. The company points out that while a huge number of devices are affected, there are "no known exploits impacting customers at this time."
Just as Microsoft has already pushed out an emergency patch for Windows 10 users -- with Windows 7 and 8 to follow soon -- Apple has already rolled out some patches for Meltdown with iOS 11.2, macOS 10.13.2, and tvOS 11.2. An update to Safari to protect against Spectre is promised in the coming days.
See also:
Apple says that there will also be further updates to tvOS, iOS and macOS as further testing and development is carried out. The company says that watchOS is not affected by Meltdown. It also repeats its frequent advice that Apple customers should only obtain their apps from official sources to avoid the risk of malware:
Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.
There has been a great deal of talk about whether the patches that are developed for Meltdown and Spectre will result in a performance hit for users. Apple says that this is not the case for iOS or macOS:
Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.
The upcoming Spectre patch for Safari, however, will impact upon performance, albeit only very slightly. Explaining the bug and the patch, Apple says:
Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5 percent on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.
Image credit: Novikov Aleksey / Shutterstock