Apple finally confirmed that ‘Meltdown’ and ‘Spectre’ affects both Mac & iOS devices. The CPU flaw in Intel Chips has hogged the headlines in the tech industry for the past few days now.
Here’s Apple’s statement on the matter:
Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems.
All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.
Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.
What’s still not confirmed by the statement is whether these issues have been addressed in the older version of iOS & Mac.
The giants of the tech industry, Intel, Apple, Linux, and Microsoft have been aware of these vulnerabilities for several months and had been working on a fix before the news spread publicly.
Meltdown & Spectre are major vulnerabilities that take advantage of the speculative execution mechanism of the CPU. Manufacturers of the operating system are required to implement software workarounds for these hardware issues
The processor performance can be saved by these software workarounds, but Intel suggests that veryday users will not see any serious slowdowns. Apple clarifies that there is no measurable impact detected in MacOS and iOS.
Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation. Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.
The meltdown issue allows malicious programs to read kernel memory and can easily access private date. Apple intends to release Safari updates for macOS and iOS to stop Spectre-based exploits.
The iPhone manufacturer also said it will keep on testing further mitigations for Spectre and will release them in a future version of iOS, macOS, tvOS, and watchOS.