Apple’s iPhones, iPads and Mac computers are all vulnerable to the major processor flaws, but updates are already available. The flaws known as Meltdown and Spectre affect almost every modern computing device from all manufacturers using chip designs from Intel, AMD and ARM. Apple uses Intel processors in its Mac computers and ARM-based designs for its A-series processors used in the iPhone, iPad, Apple TV and Apple Watch lines.
The company advises customers to download software only from trusted sources such as its iOS and Mac App Stores to help prevent hackers from being able to use the processor vulnerabilities. Apple has said that they are developing protections against the Spectre flaw for its Safari browser for iOS and MacOS, and would release them in the coming days to help stop potential exploitation via JavaScript running in the browser from a website. Users of Apple products are urged to update their devices with the latest software if they have not already.
iOS 11.2 supports the iPhone 5S and newer, iPad Air and newer and the sixth generation iPhod Touch. MacOS 10.13.2 supports the iMac and MacBook from late 2009 or newer, the MacBook Pro, Mac Mini and Mac Pro from mid-2010 or newer and the MacBook Air from late 2010 or newer.
There are three separate potential security issues at play here, one named Meltdown and two named Spectre. They all take advantage of something called speculative execution. Basically, modern CPUs try to speed things up by taking educated guesses to predict what the next operation will be, and will go so far as to execute them ahead of time. If the prediction is correct, the CPU has an answer all ready to go. If it’s incorrect, the “speculative execution” is removed. The whole process is nearly instantaneous and should be invisible to the software and OS. The Meltdown and Spectre bugs allow hackers to read and access this information in the OS kernel memory by taking advantage of the delay in its rollback.
The Meltdown and Spectre flaws were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. The details of the flaws were reported in June but were not made public until this week as developers scrambled behind the scenes to create fixes for the flaws and prevent their malicious use.
If you have a PowerMac G5 or an iPhone 3GS, you’re probably okay, but all modern Macs and iOS devices are affected. While Meltdown mainly affects Intel-based Macs and PCs, in Apple’s case it also affects iOS devices. Spectre affects all iOS, macOS, and tvOS. WatchOS is unaffected by the Meltdown and Spectre flaws.
How do I protect my device/computer?!
Update your OS –
This is the obvious answer, but it’s also the best one. As we said, there is no real fix for Meltdown or Spectre, just ways to make exploits harder to pull off. Apple has already begun taking steps to protect users, but they will only be effective if they’re installed.
So, if you can update your Mac and iOS device to High Sierra and iOS 11, respectively, do so. Apple has squashed many of the early bugs and the latest versions are running smoothly, so if you want the best possible protection from Meltdown and Spectre, the latest version of the latest operating systems are the best way to do it.
Stay Vigilant –
As Apple says, the risk to users is fairly low, but the scale here is massive. With hundreds of million vulnerable devices, hackers are going to be working overtime to exploit these flaws, so be aware of a anything amiss with your device or accounts, and take the appropriate action if necessary.
Update Safari, Firefox and Chrome –
Apart from macOS, iOS, and tvOS, Apple is also updating Safari to address a possible Javascript exploit of the Spectre flaw. This will be arriving soon, so check the updates tab in the App Store app to install it once it arrives. Firefox 57.0.4 adds protections to that browser, and and Chrome 64 (to be released on January 23, 2018) will do the same for Google’s browser.
Don’t download apps from an entrusted seller –
Hackers can’t get into your system unless you let them in, so be mindful of where your apps are coming from, especially on the Mac. Obviously, the Mac App Store is the safest way to download apps, but there are a number of totally legit developers that offer apps outside Apple’s store. Most of them are safe to install, but you should do some research before hitting the download button. macOS already users by default when launching apps from unidentified developers, so pay attention to any prompts you get when opening an app for the first time.
Don’t hesitate to call us on 07 4124 3321 for any information!
Recent Comments