All iPhones and iPads affected by Meltdown and Spectre, says Apple

Share

Known as "Spectre" and "Meltdown," the issues "apply to all modern processors and affect almost all computing devices and operating systems", Apple said in a press release.

"This issue is so widespread it's only a matter of time before it's used in attacks".

While Meltdown is specific to Intel chips, Spectre affects chips from Intel, AMD and Arm.

So what does one of the biggest security vendors have to say?

"NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches, as soon as they become available". The federal organization says that "fully removing the vulnerability" requires replacing the hardware already embedded in millions of computing devices. While it's unlikely there would be full files stored there, it's very possible it would find bits and pieces of valuable data, like SSH keys, security tokens and even passwords.

For starters, make sure your iPhone, iPads, computers and all apps you use are kept up to date to help protect against hackers exploiting the flaws. None of these vulnerabilities have yet to be exploited in the wild. So far, it has not received any reports of attacks due to the two critical flaws, dubbed Meltdown and Spectre.

The flaws were first reported by tech publication The Register.

The microprocessor architecture flaws under intense speculation now have names - Meltdown and Spectre - as well as details, patches and mitigation techniques, although serious concern remain.

However, there are now no known attacks that have exploited these flaws, according to the Google researchers.

Amazon's AWS cloud computing service expected all its computing systems to be patched by the end of the day Wednesday. Specifically, Meltdown has to do with the way a user app interacts with the operating system and can provide unauthorized access to the memory for unscrupulous programs.

But given the Metldown and Spectre flaws being found in every new processing units made by Intel and ARM, almost every single computer could be affected. Apple had been mum on the issue until this evening when a support document confirmed that all Mac systems and iOS devices were vulnerable. It can, therefore, be hard to know who to believe, what is safe to use, and what isn't.

Issuing the alert yesterday, the Singapore Computer Emergency Response Team (SingCert) said: "The vulnerabilities enable attackers to steal any data processed by the computer".

"As they are hardware bugs, patching is a significant job".

Jake Williams, founder of consulting firm Rendition InfoSec LLC in Augusta, Ga., expanded on this to explain that Meltdown was able to read physical memory, including kernel memory, while Spectre "can only read memory from the current process, not the kernel and other physical memory".

But there will be stumbling blocks: On Thursday, some Microsoft Azure customers reportedly said machines failed to come back online after receiving a patch.

Share