Apple’s iPhones, iPads and Mac computers are said to be vulnerable to the main processor flaws revealed earlier this week on Wednesday, the corporation has cautioned, but it pronounces updates are now available, to rectify the matter.
The flaws are known as Meltdown and Spectre and affects almost every modern computing device from all manufacturers using chip designs from Intel, AMD and ARM. Apple currently uses Intel processors in Mac computers and ARM-based designs for its A-series processors used in the iPhone, iPad, Apple TV and the line of Apple Watch.
Apple said: “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”
The company instructed clients to download software from reliable sources such as its iOS and Mac App Stores to avoid hackers from being able to use the CPU exposures. In a support document, Apple said that iOS 11.2 released on 13 December, macOS 10.13.2 released on 6 December and tvOS 11.2 released on 4 December all protect against Meltdown for supported devices and that WatchOS did not need updating.
Apple said it has been developing protections to counter the Spectre flaw for its Safari browser for iOS and macOS, and would release them in the coming days to help sojourn probable exploitation via JavaScript running in the browser from a website.
Apple said: “Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark.”
Users of Apple products are advised to update their devices with the newest software if they have not already. iOS 11.2 supports the iPhone 5S and newer, iPad Air and newer and the sixth generation iPhone Touch. MacOS 10.13.2 supports the iMac and MacBook from late 2009 or newer, the MacBook Pro, Mac Mini and Mac Pro from mid-2010 or newer and the MacBook Air from late 2010 or newer.
The Meltdown and Spectre flaws were exposed by security investigators at Google’s Project Zero in conjunction with academic and industry researchers from several countries. The facts of the flaws were stated in June but were not made public until this week as developers scrambled behind the scenes to generate fixes for the defects and prevent their malicious use.
