Meltdown Flaws & Spectre affects Mac,ios devices confirmed by apple – IT Voice | Online IT Media

Meltdown Flaws & Spectre affects Mac,ios devices confirmed by apple

A major security flaw was reported to be residing in pretty much every Intel processor sold in the past decade. The chip maker confirmed the reports soon after saying that the exploits have the potential to “corrupt, modify or delete data”. The two flaws, code named ‘Spectre’ and ‘Meltdown’ are apparently inside all modern computing devices and operating systems, and Apple just announced that its Mac and iOS devices are affected as well.
In a note to its consumers, Apple confirmed that the exploits are present in its Mac and iOS devices, but there hasn’t been any reports of it affecting customers as of now. It added that for the exploits to actually do any damage, it requires a malicious app to be downloaded on you Mac or iOS device, and the company urges its users to download apps only through verified source like the App Store. Additionally, Apple says that iOS 11.2, macOS 10.13.2, and tvOS 11.2 updates have mitigations to protect against Meltdown.
Apple in its note also assures that its Apple Watch is not affected by Meltdown and that it plans to release mitigations in Safari to defend against Spectre. “We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS,” the company says. The company informs that the exploits use “speculative execution.” Project Zero researchers had previously noted that the technique is used by most modern CPUs to optimise performance.
Notably, Apple isn’t the only tech major working on “mitigating” the issue. Microsoft and Google are also working on releasing mitigations to protect users against the vulnerabilities. They use the term mitigate because the exploits are present within the processors’ architectures, making them extremely difficult to remove. At best, these companies can come out with software updates to avoid any new variations of the exploit, which there very well may be since Spectre and Meltdown have been present for a while now. As is the case, analysts now believe that the only way to fix the vulnerabilities is to redesign the chipsets and CPU makers may have to issue a massive recall if things get out of hand.
To bring you up to speed, researchers discovered the two exploits present inside core architectures of processors are able to grab that pass through in their unencrypted form, making it easy to expose pretty much any sensitive information like passwords stored in the computer’s protected memory. According to Google Project Zero, out of the two major flaws, Spectre is the most trickiest of the both as it affects AMD and ARM processors, while Meltdown only affects Intel processors.
ARM in a statement on Thursday assured that a majority of its processors have not been affected by Spectre or Meltdown, but is working with Intel and AMD to develop Defences against vulnerabilities. Meanwhile, AMD is said to have resolved a variant of Spectre via software and operating system updates, while another variant has “a near zero risk of exploitation” on its processors, the company said.