Apple Confirms iOS Devices, Macs Susceptible To Meltdown And Spectre CPU Security Vulnerabilities
Unless you perform high level calculations on an abacus, chances are high that yes, you are affected by the recently disclosed Meltdown and Spectre vulnerabilities. Between the two, practically every modern processor is vulnerable, including Intel CPUs dating back more than a decade, along with AMD and ARM chips. And yes, if you are entrenched in the Apple ecosystem, you too are affected by all this. But don't just take our word for it—in case there remains any question, Apple confirmed that its platforms are not immune.
"Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," Apple stated on its support site. "Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store."
Sound advice, and we have several tips of our own, when you have a spare moment (they're outlined here). As it pertains to Apple devices, the company claims that it already released several mitigations in previous OS updates, specifically iOS 11.2, macOS 10.13.2 High Sierra, and tvOS 11.2. All of these have security tweaks in place to protect users against Meltdown, which for the time being seems to only affect Intel processors.
Spectre casts a wider net and also brings AMD and ARM hardware into the fold, alongside Intel. However, it's more difficult to exploit ("extremely difficult," according to Apple). Nevertheless, Apple says it plans on releasing mitigations in Safari to help defend against Spectre, so keep an eye out for upcoming updates.
"We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS," Apple added.
This whole thing has been an unfortunate situation that requires a fundamental reworking of hardware to truly combat against. Future processor releases will undoubtedly take that into consideration. In the meantime, hardware and software vendors are scrambling to dole up security patches to protect users. There have been reports of a potentially significant performance impact, though Intel maintains that most people will not notice a change, and that the performance hit is highly workload dependent.