While that may not seem like news – sure aren’t we always fending off one threat or another – the difference this time is that it’s not software that’s to blame. It may be likely that macOS 10.13.3 includes more patches and Apple could make a public announcement then.
What exactly is going on?
The security gap allows access to a computer’s memory, which could reveal confidential information and security data.
There are two separate problems. The Meltdown exploit has been shown to work in a variety of ways, while Spectre uses some similar ideas but fundamentally works in a different fashion.
Meltdown allegedly affects all systems running Intel x86 chips and is present across all popular operating systems, including Windows, Linux and macOS.
Speaking to TheJournal.ie, Honan said “there’s the potential that applying the patches could impact the performance of the machines”, noting that older machines or those already under a lot of pressure may be particularly affected.
Multiple millions of computing devices worldwide are affected by two security vulnerabilities in processors, known as Meltdown and Spectre.
Mo Jia, a Shanghai-based analyst with industry consultancy Canalys, said Android-based Chinese smartphones are mostly affected by Spectre, a security flaw that is more hard for hackers to exploit but is also more challenging to fix. The company has already released OS updates to protect users from the Meltdown attack, and a patch for Spectre will arrive “in the coming days”.
“We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS and watchOS”, the company said.
Brewer and other security researchers say immediate action needs to be taken to avoid a “very serious timebomb” that could be exploited by opportunistic hackers. It was first discovered by Project Zero in June previous year.
There is no fix for Spectre, and while a patch is available for Meltdown, it could slowdown computer operating performance by up to 30%, said analysts. None of these vulnerabilities have yet to be exploited in the wild.
“As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data”. On the iPhone and iPad, that means the safest thing to do is to only get your software from Apple’s App Store.