If you thought your MacBook or iPhone would be immune to the Meltdown and Spectre microprocessor flaws acknowledged earlier this week by Intel, you would be wrong.
The problems found in the chips could allow hackers to get access to passwords and other sensitive data stored on personal computers.
In a statement, released by Apple on Thursday, the company announced, “All Mac systems and iOS devices are affected.”
The good news is that “there are no known exploits impacting customers at this time” and that a change could come soon, according to Apple. The company says it has “already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre.”
Even so, as Devin Coldewey reports for TechCrunch: “If you’re wondering why people keep saying, ‘mitigate’ instead of ‘fix’ or ‘counteract’ or something, it’s because Meltdown and Spectre take advantage of computing practices so basic that avoiding them is extremely difficult and complex. And new variants of attacks may very well circumvent the protections companies have put together during the last few months during which the exploits were kept secret. The mitigations and patches will probably multiply.”
We wrote earlier that security researchers at Google and elsewhere discovered vulnerabilities in chips made by Intel, AMD, ARM Holdings and other companies. Intel said it was working to “develop an industry-wide approach to resolve [the] issue promptly.”
As NPR’s Laura Sydell reported for All Things Considered, “When you install a program on your computer, there’s generally a wall between it and other programs. But the security flaws, which were built into the chips from Intel, Advanced Micro Devices and ARM, allow one program to spy on another.”
Moritz Lipp of Austria’s Graz University of Technology is one of the researchers who found the flaw. He tells Sydell that the problem is found on millions of computers, as well as on smartphones and in loud storage provided by companies such as Google, Amazon Web Services, Apple and Microsoft. While a software patch might mitigate the problem, it is really a hardware issue.
“If you have an issue in hardware, it’s not very easy to just change the hardware because you already sold millions of CPUs. And you just can’t call them back and change them,” Lipp says.