- Apple confirmed Thursday that its devices were affected by the same processor security flaw Google discovered that became public this week.
- The company has already issued patches in the latest versions of its MacOS, iOS, and tvOS operating systems that address one of the two potential exploits Google found for the flaw.
- Apple says the fixes don’t affect the performance of its devices.
Yes, your iPhone or Mac suffers from the same processor security flaw that affects other smartphones and computers.
Apple on Thursday confirmed that Meltdown and Spectre – the Google-discovered attacks that exploit a security flaw that affects almost every device with a processor – could be used against its devices too. Those exploits could be used to reveal sensitive information including passwords and photos.
“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” Apple said in a blog post that represented its first public comment on the processor vulnerability.
Apple tried to calm potential fears about the vulnerability, noting it had already taken action to protect against it. The latest versions of its mobile, desktop, and Apple TV operating systems – iOS 11.2, macOS 10.13.2, and tvOS 11.2, respectively – all contain fixes meant to mitigate the Meltdown exploit in particular. Apple has already released all of those updates, so if you own any of those devices, you can protect them by making sure your operating system is up-to-date.
Apple Watch isn’t vulnerable to the Meltdown attack, the company said.
Apple hasn’t issued any fixes that would specifically address the Spectre exploit. While that attack is thought to be more difficult to pull off, it’s also harder to guard against, and Apple Watch is as vulnerable to it as the rest of Apple’s product line. Apple, however, says it planning to test and release fixes that address the Spectre exploit soon.
To glean sensitive data from your devices, both the Meltdown and Spectre attacks require them to already be running malicious code. The most likely way that malicious code could get on your device would be through a web browser; Apple plans to issue a fix for Safari on Macs and iOS devices in coming days that would address that threat.
To further protect your devices, it’s best to download software only from places you trust. On the iPhone and the iPad, that means the safest thing to do is to only get your software from Apple’s App Store.
When the chip vulnerability was first starting to be discussed publicly, some cybersecurity researchers said a fix for it could reduce the performance of affected systems by as much as 30%. Apple, though, says it hasn’t seen any effect on the performance of its devices from the fixes it applied.
“Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS,” the company said in its blog post.
Earlier Thursday, both Amazon and Google reported that they, too, found worries that fixes to the chip vulnerability would affect performance were overblown.