Apple confirms all Macs, iPhones and iPads affected by security flaws
Image credit: Dreamstime
The company has announced that all Macs, iPhones and iPads are affected by the two security flaws – which affect nearly all Intel chips– and issued fixes for the latest editions of its operating systems.
The security flaws affect nearly all computers in the world; according to the International Data Corporation, 90 per cent of PCs use chips manufactured by Intel. Most Intel chips manufactured since 1995 carry these flaws.
The flaws, known as ‘Meltdown’ and ‘Spectre’, could leave PCs and other devices vulnerable to hackers, who could access stored data on a device or network. Meltdown affects computers and networks, while Spectre also affects phones and tablets using Intel chips.
Meltdown and Spectre allow for access to protected memory, including that of the kernel – which has complete control over a system – and therefore the extraction of data from other programs.
“If a third party gains access to an Intel, ARM or AMD processor with a suitable crafted code that is allowed to execute, the code can be instructed to copy some of the kernel RAM (core but temporary memory) of the appliance and potentially export the same data,” said Mike Simmonds, CEO of Axial Systems.
“If the software knows exactly where and what to look for, the data exported will remain unstructured and without context so a large amount of post-exfiltration processing will be undertaken to successfully exploit what has been extracted.”
According to the UK National Cyber Security Centre, no security breaches have been reported. Apple has also stated that Meltdown and Spectre have not been exploited on its devices.
“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” Apple stated on its website. “Since exploiting many of these issues requires a malicious app to be loaded […] we recommend downloading software only from trusted sources such as the App Store.”
Apple has joined other tech firms in rushing to issue patches for the flaw. Devices using the latest editions of macOS and iOS are now protected, the company confirmed, and the Apple Watch is not affected.
Criticism has been levelled at Intel as it emerged that Meltdown and Spectre have been known about since at least June 2017. In this time, Brian Krzanich, CEO of Intel, sold a large portion of his shares in the company. According to Intel and Google, the problem – which Intel denies is a “flaw – were to be made public next week, once security updates had been prepared.
Intel is working with its partners AMD and ARM to release security updates to fix the flaw, and have said that 90 per cent of affected chips from the past five years will have been fixed by next week, making them “immune” to exploitation.
There is concern that these patches will slow down processing speeds by five to 30 per cent, due to altering the means by which operating systems communicate with the kernel. According to Intel, however, “average” users will notice little slowdown.
In time, the company said, some of the fixes will be integrated into its hardware.
“Almost everybody is affected by these bugs, in ways researchers are only just discovering. It is of the upmost importance that updates are applied in a timely manner,” said Gavin Millard, technical director at Tenable.
“With a possible decrease in processing speeds caused by addressing the flaws, organisations that rely on cloud platforms could be facing a significant impact from the increase in the number of workloads required to complete tasks.”
Apple has said that its mitigations issued so far have not have an impact on performance speed.