Apple says iOS is vulnerable to Meltdown and Spectre issues

Adjust Comment Print

Apple Inc will release a patch for the Safari web browser on its iPhones, iPads and Macs within days, it said on Thursday, after major chipmakers disclosed flaws that leave almost every modern computing device vulnerable to hackers.

"In terms of real-world risk, it's another day in information security", said Kenneth White, security researcher and co-director of the Open Crypto Audit Project. Because these processors and their architecture is commonly used on almost on smartphones, laptops, computers, etc it means every single known device is vulnerable to these exploits. Bearing in mind the number of chips with the flaw, the chances that your computer has a vulnerability are very high.

Researchers at Google's Project Zero and academic institutions including the Graz University of Technology in Austria discovered the problem previous year and disclosed it Wednesday.

Once you've run the file or added the registry key manually, your PC will receive the patches for the Meltdown and Spectre vulnerabilities.

But Google's findings are based on data from some real-deal, heavy-duty services that would be dramatically impacted by a major decrease in performance, including Gmail, Search, and YouTube.

Apple's statement also said there are no known exploits now impacting customers. Fortunately software patches do exist to prevent it from happening.

Microsoft has also released a set of Powershell one-liners that you can use to check if your PC installed the updates properly, or if you need additional firmware updates. Thus, the company will release updates to Safari on iOS and macOS "in the coming days". Now Apple has also issued a statement on the same saying all Macs and iOS devices are impacted by this security flaw. The company also downplayed concerns about slowed performance, noting that for the "average computer user" the impact should not be significant and will lessen over time.

These vulnerabilities do not result in instant hacks - they first require attackers to first compromise vulnerable devices by the usual methods such as tricking users into running malware or visiting malicious sites. It is vital that users install any available patches without delay.

The tech and business worlds will likely be dealing with these flaws for years to come, but experts in the security community say that while the flaws are an interesting technical find and organizations should patch as soon as possible, it's still one of countless vulnerabilities. The defect affects the so-called kernel memory on Intel x86 processor chips manufactured over the past decade, The Register reported citing unnamed programmers, allowing users of normal applications to discern the layout or content of protected areas on the chips.

For starters, make sure your iPhone, iPads, computers and all apps you use are kept up to date to help protect against hackers exploiting the flaws.