Big chip flaws affect Apple
Meltdown and Spectre bugs require software update
The world has been ablaze with talk of the Meltdown and Spectre bugs, but what are they, and how do they affect you? The vulnerabilities first came to light on 3 January 2018, when they were made public in the media. Affected hardware and software vendors had been made aware of the issues in the summer of 2017, but had been unable to release security patches in time.
Meltdown and Spectre are security vulnerabilities in the architectural design of modern CPUs. If taken advantage of, they could allow an application to read any information stored in your device’s memory, whether it’s authorised to or not.
That is, of course, a very serious weakness. Meltdown, for instance, could allow a hacker to gain access to your passwords, emails, photos and more as these are temporarily stored in the processor’s cache.
Spectre, meanwhile, is slightly different. Modern CPUs use something called branch prediction, in which the chip guesses and prepares for the next instruction it will have to process so that it can work more efficiently. However, there is a chance that this could reveal private information that could be accessed by a malicious third party.
What compounds the problem is that these issues affect nearly every major chip vendor and operating system. Whether you have a Mac or a PC, an Android phone or an iPhone, or even an Apple TV, it’s likely you’re affected.
Additionally, as the flaw exists at the hardware level, it requires either a serious software overhaul at the operating system level (which could lead to performance drops), or a new processor. Given how locked-down Apple’s devices tend to be, replacing the CPU is often not feasible.
What Apple is doing about it
Apple states that every Mac and iOS system is affected, including the iMac Pro. However, it also states that there are no known exploits in the wild yet – it appears that no one has taken advantage of the bugs in any large-scale way. Of course, that’s not to say that these issues won’t be exploited in the future.
At the time of writing, Apple has released patches for OS X El Capitan, macOS Sierra and macOS High Sierra, which mitigate the effects of the Meltdown bug. The patches address vulnerabilities in Safari and macOS that could be exploited by Meltdown. Apple has also released an update to Safari (11.0.2) in macOS El Capitan and Sierra that fixes a vulnerability relating to Spectre.
To check which version of Safari is running on your Mac, open it and choose Safari > About Safari. The version number should be 11.0.2 or later to ensure that you are up to date and protected.
It has been reported that a number of patches to address the Meltdown and Spectre vulnerabilities could result in large performance drops. For instance, it has been estimated that some Intel chips could see a performance hit of between 5% and 30%, depending on the processor model and the task being attempted.
Fortunately, Apple insists that it has seen no performance degradations as a result of its patches for the Meltdown bug, both on macOS and iOS. As for Spectre, Apple says that your device’s performance may not be affected at all according to the Speedometer and ARES-6 benchmarks, but may dip by less than 2.5% according to the JetStream benchmarking suite.
What should you do?
As always with security vulnerabilities, it’s essential to ensure that your devices are as up to date as possible. Apple has released fixes for macOS, iOS and tvOS. Check the software update mechanism on your devices to ensure you have the latest system update and security updates installed; Apple posts details of what each fixes at bit.ly/applsecupd. Apple Watch is not affected, so there’s no patch for it.
This is one of the most serious issues to affect Apple’s devices for many years. While Apple has been shown to be affected by a large security issue, the one positive is that its products aren’t nearly as badly affected as had been feared.