Research

Apple Confirms Devices Affected by Meltdown, Spectre

Apple Confirms Devices Affected by Meltdown, Spectre

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown.

Yesterday it was revealed that the large majority of the devices that we use powered by Intel, AMD and ARM processors are vulnerable to attacks via two security flaws - named Meltdown and Spectre.

The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which can not be fully resolved as of yet. Microsoft said users should check with their computer manufacturers for more information.

Apple has released some patches to mitigate the Meltdown flaw. While many companies have rushed to patch against Meltdown, which specifically affects Intel chips and lets hackers access the memory of apps being used by an operating system, Spectre is more stubborn.

More news: 'The Handmaid's Tale' wins best TV drama Globe

"We are actively incorporating and deploying mitigations against the vulnerabilities for our impacted products, and we continue to work to strengthen them as possible", a spokesperson told CNBC in an email. The issue was discovered by Google and academic researchers past year, and they had been working with the tech firms to try to put a fix in place before releasing any information on the problem. And although security patches exist for devices running Linux, Windows and Apple's OS X, the researchers said, the fix may slow down their performance by as much as 30 percent, according to some estimates.

For now, there's only one thing you can do: Update your devices and browser software when the updates are made available.

While the defect exists in the hardware, mitigations in operating systems are possible and are now available. It is working on updates for Safari to protect users against Spectre and expects to release them "in the coming days". However, no such update has been issued by Mozilla for Firefox for iOS. The flaws affect modern processors including Intel, AMD and ARM that use "speculative execution" to enhance performance. While Google has already issued security updates to protect against these attacks, browsers need to push updates to protect attacks through JavaScript.

In a post on the company's website Wednesday, AMD said that one variant of the Spectre vulnerability was resolved by software and operating system updates. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix. It may not block everything - new threats emerge all the time - but making things more hard for those who want to spread bad software isn't something you should dismiss.