Apple says iOS is vulnerable to Meltdown and Spectre issues

Adjust Comment Print

If this wasn't enough proof that Apple devices are safe from the flaw, take a look at this tweet from software developer Alex Ionescu, who says his studies of macOS code show Apple introduced a fix for the CPU flaw in the release of macOS 10.13.2, and there are additional tweaks set to be introduced in macOS 10.13.3, which is now in beta testing. According to Google's Project Zero security team, in a worst case scenario the flaws could be exploited to reap sensitive information from these commands-in-waiting. According to the researchers, the Meltdown flaw affects virtually every microprocessor made by Intel, which makes chips used in more than 90% of the computer servers that underpin the internet and private business operations. However, owners of Google Chrome OS and Android devices are advised to take necessary actions. Spectre, meanwhile, apparently can not be fixed with a software update.

To update your Windows 10 system, go to Settings Update & Security Windows Update Check for updates. But most importantly, make sure all of your software-operating systems and browsers specifically-are up to date at all times.

While the protection this patch offers is a good first step, your Windows PC won't be fully protected until a firmware update is applied as well.

Today's analyst note from Barclays says that while Intel and AMD clearly don't see eye to eye about the details of the vulnerability, it doesn't believe the situation will result in a negative financial impact (particularly for Intel).

Both ARM and AMD have released updates to its vendors and manufacturers to mitigate the flaws, but users of affected Chinese smartphones will have to wait until the respective companies push out the updates to their devices.

Customers of Microsoft, the maker of the Windows operating system, will need to install an update from the company to fix the problem. This general objective technique is already live on the "entire fleet of Google Linux production servers that support all of our products, including Search, Gmail, YouTube, and Google Cloud Platform". To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed.

Fixes: Available for iPhones, iPads, Macs, and Apple TV. Apple says that despite fears from users, these updates have not slowed down the performance of the Apple devices that received them.

ARM said in a public statement that the "majority of ARM processors are not impacted", while AMD reassured users that the "described threat has not been seen in the public domain".

The following chart shows the significant impact on CPU usage of one of our back-end services after a host was patched to address the Meltdown vulnerability. The company said it will soon release a new version of its Safari web browser to protect customers against Spectre. To turn it on, type chrome://flags/#enable-site-per-process into your Chrome browser bar and select the box next to "Strict site isolation". Microsoft also released a patch and security advisory for Windows, but noted that there is an issue with some "incompatible anti-virus applications" that could leave devices unable to boot and has not pushed the patch to systems with known AV issues.