by Mark Fairlie
Apple customers have been warned about a major processing flaw recently discovered in a range of their mac and iOS devices.
The company announced last week that iPhones, iPads and Mac computers are all at risk, however, new security updates are already being made available to the public by the company.
Which devices are affected?
The two security flaws, known as Meltdown and Spectre, are known to affect almost all modern computing devices with Intel, AMD and ARM chip designs.
Apple uses Intel processors in their Mac computers and ARM-based processor designs in the iPhone, iPad, Apple Watch and Apple TV; meaning all of their products are at risk.
Apple announced last week that whilst “all Mac systems and iOS devices are affected” by both Meltdown and Spectre, there are “no known exploits impacting customers at this time”.
What do Meltdown and Spectre do?
Processors are the chips inside devices that carry out computer program instructions. They are essentially the brain of your computer or smartphone.
Meltdown is a design flaw inside a device’s processor. This flaw gives hackers an opportunity to break through a device’s security barriers that allows applications on it to communicate with the core memory.
Daniel Gruss from the Graz University of Technology was one of the researchers who discovered the Meltdown flaw. He has said it is “probably one of the worst CPU bugs ever found”, and that Meltdown requires immediate attention.
Spectre also affects all modern processors and it can be used to trick device applications into releasing sensitive data to the hacker.
Although it is harder for cybercriminals to exploit the Spectre flaw, it is also much more difficult to fix than Meltdown.
How can devices be protected?
Apple released a statement on their website confirming that all of their devices were affected by the two flaws but that no actual incidents had yet been reported.
The company also said many of these processor security issues require a “malicious app to be loaded” onto the device before a hacker can take advantage of them. Apple recommends their customers download software from “only from trusted sources” such as the iOS and Mac App Stores to keep their data safe.
The latest Apple updates – tvOS 11.2 released on 4th December, iOS 11.2 released on 13th December, and macOS 10.13.2 released on 6th December – have been designed to protect supported devices against Meltdown.
These updates are available for all supported iPhone, iPad, Mac computers and Apple TV devices. Apple also confirmed that WatchOS did not need updating to defend against the Meltdown flaw.
As for Spectre, Apple has said they are still in the process of developing new protections. The company have, however, stated that the iOS 11.2.2 update includes “security improvements to Safari and WebKit to mitigate the effects of Spectre”.
Apple has also announced that they will “continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, MacOS, tvOS, and WatchOS.’