A billion Apples still vulnerable to hackers
Software update fails to fix Spectre bug as experts warn existing devices will always be at risk of attack
APPLE has warned that more than a billion iphones, ipads and Mac computers remain vulnerable to a microchip hacking risk, despite it releasing software updates a month ago.
The US technology giant said the “Meltdown” and “Spectre” bugs impact every device running the company’s IOS and MACOS operating systems, as well as its Apple TV set-top box.
Despite Apple rushing to issue a software update that partially tackles the first flaw – Meltdown – consumers could be targeted by cybercriminals for the foreseeable future because there is no known fix for the Spectre vulnerability.
The microchip bugs, which affect almost every computer processor in the world, from companies such as Intel and Britain’s Arm Holdings to software from Microsoft, Google and Apple, were disclosed earlier this week. They have been described by experts as one of the most serious security scares to date and sent shares in Intel, the world’s biggest microchip company, falling.
“These issues apply to all modern processors and affect nearly all computing devices and operating systems,” Apple said. “All Mac systems and IOS devices are affected, but there are no known exploits impacting customers at this time.”
It came as the Information Commissioner’s Office warned companies that they risk fines if customers’ data is put at risk by negligent IT practices such as failing to update software. “Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act is serious enough to warrant a civil monetary penalty,” the data watchdog said.
Apple said that a software update released in December for its IOS, MACOS and tvos operating systems would help guard against the vulnerabilities.
But it said it was still working on further fixes. Experts said that existing devices will never be safe from the Spectre flaw, since it relates to the design of the computer processor itself.
“There are many ways to reduce risk by making it harder for an attacker to exploit, but there’s no way to completely patch the vulnerability without replacing the processor itself,” said Ryan Kalember, cybersecurity strategy lead at Proofpoint.
Apple prides itself on the security of its iphones, of which it has sold more than one billion. Its gadgets tend to come with greater restrictions than rival devices, which the company says helps guard against hackers.
Programs can only be downloaded through the App Store, and must be approved by the company, for example.
However, the Spectre bug can be activated merely by visiting a website that is running malicious Javascript, a programming code commonly used to run online adverts as well as other applications.
Apple said it would introduce a software update to Safari, its web browser, that would help guard against Spectre.
Security researchers first discovered the bugs last year but they have only just emerged this week, since technology companies were given time to patch the problems.