Meltdown and Spectre: Apple says every iPhone, iPad and Mac is affected by major processor flaws
Apple has admitted that all Mac computers, iPhones and iPads are affected by two major flaws discovered in almost all of the world's computer processors.
The news comes a day after it was revealed that a pair of flaws, called Meltdown and Spectre, had been found by cybersecurity researchers in almost all processors produced by Intel, as well as some made by ARM and AMD.
Apple is among numerous manufacturers who are racing to create and distribute software updates to prevent the flaws from being exploited by hackers. Google and Microsoft are also working on fixes for their products and cloud services, and Google says all Android devices with the latest security update installed are protected from the vulnerabilities.
Apple said in a blog post: "All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store."
Just a week earlier, the California company admitted it had slowed the performance of older iPhones to help protect their battery life, and would begin replacing batteries at a discounted rate for any customer who wanted one.
The company went on to say it has released "mitigations" in iOS 11.2, macOS 10.13.2 and tvOS 11.2 "to help defend against Meltdown" and added that the Apple Watch is not affected. "In the coming days we plan to release mitigations in Safari to help defend against Spectre," the company added.
Apple said it will "continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS and watchOS."
What are Meltdown and Spectre?
Discovered by a team of security researchers working with Graz University of Technology in Austria, the flaws are called Meltdown and Spectre, the latter of which covers two separate types of vulnerability.
A dedicated website produced by the university states: "These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."
Speculative execution
The problem lies in a technique called speculative execution. This is where a processor predicts which calculations it is likely to need next and performs them ahead of time, rather than working strictly in sequence. The calculations are carried out in advance if the processor thinks this will save time; some power is wasted, but the task is completed more quickly, to the benefit of the user. The flaw is that processors don't check permissions correctly while completing these calculations out of order, leaving information about speculative commands in the open and potentially visible to malicious applications.