Apple says Meltdown and Spectre flaws affect all Mac and iOS devices
Apple’s iPhones, iPads and Mac computers are all vulnerable to the major processor flaws revealed on Wednesday, the company has warned, but it says updates are already available.
The flaws known as Meltdown and Spectre affect almost every modern computing device from all manufacturers using chip designs from Intel, AMD and ARM. Apple uses Intel processors in its Mac computers and ARM-based designs for its A-series processors used in the iPhone, iPad, Apple TV and Apple Watchlines.
Apple said: “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”
The company advised customers to download software only from trusted sources such as its iOS and Mac App Stores to help prevent hackers from being able to use the processor vulnerabilities.
In a support document, Apple said that iOS 11.2 released on 13 December, macOS 10.13.2 released on 6 December and tvOS 11.2 released on 4 December all protect against Meltdown for supported devices and that WatchOS did not need updating.
Apple said: “Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark.”
Users of Apple products are urged to update their devices with the latest software if they have not already. iOS 11.2 supports the iPhone 5S and newer, iPad Air and newer and the sixth generation iPhone Touch. MacOS 10.13.2 supports the iMac and MacBook from late 2009 or newer, the MacBook Pro, Mac Mini and Mac Pro from mid-2010 or newer and the MacBook Air from late 2010 or newer.
The Meltdown and Spectre flaws were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. The details of the flaws were reported in June but were not made public until this week as developers scrambled behind the scenes to create fixes for the flaws and prevent their malicious use.