Apple fans beware: Apple confirmed all iPhones, iPads and Macs are at risk from Spectre chip vulnerabilities

On Thursday, Apple confirmed that all iPhones, iPads and Macs are at risk from Spectre chip vulnerabilities. So far, there are no known exploits. In a post on its website, the company said all Mac computers and iOS devices, like iPhones and iPads, are affected by Meltdown and Spectre bugs. Apple is currently working on fixes, and there will be very little or no impact on performance, Apple said.  Based on initial analysis of the two security flaws, Apple noted, “Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser.”

The vulnerabilities resulted from two major flaws, called Meltdown and Spectre, found in the CPU which could leave a huge number of computers and smartphones vulnerable to hacking, a U.S. government-backed research group said.  The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. Meltdown flaw was first reported by a researcher from Graz University of Technology, Daniel Gruss. He helped identify the flaw and said it may be difficult to execute an attack, but billions of devices were impacted.

In a post on its website, Apple said updates to its operating systems for iPhones (iOS 11.2), Macs (macOS 10.13.2), and Apple TVs (tvOS 11.2) would defend against Meltdown. These updates do not slow down the devices, it added, and Meltdown does not affect the Apple Watch.

In a support document on its website, Apple provided a detailed analysis about the speculative execution vulnerabilities in ARM-based and Intel CPUs:

Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.

You can read more about the vulnerabilities and what Apple is doing to address the flaws on Apple website