At the time, Apple confirmed that it silently introduced “mitigations” in previous updates to iOS, macOS and tvOS to help better defend against the Meltdown vulnerability.
Two serious security issues with its chips that could have implications for almost everyone touched by computing. Its technological reach means that both Meltdown and Spectre could affect just about anyone who uses the internet.
Two hardware bugs were discovered on the chipsets that essentially enable the memory of a computer to be leaked. Since the announcement, a fourth variant of Meltdown – dubbed Variant 3a – has been developed, extending the attack to selected non-Intel processors as well. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.
Modern processors are created to perform “speculative execution”.
So far, the CEOs aren’t running away from the bug, and they’re being transparent about it. But this technique also permits access to data that are normally isolated. Malware has to be present on a machine for it to be vulnerable to the attacks. Krzanich noted that there’s no evidence that Meltdown or Spectre have ever been used to steal customer data in real life, and that Intel plans to keep it that way. Amazon has also issued fixes for its cloud servers. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,”said the company in a blog post”.
Google’s Project Zero has proof-of-concept (PoCs) exploits that work against certain software.
There is no evidence so far that hackers have maliciously exploited these flaws.
“Because chip replacements are not going to happen tomorrow, realistically, software is being updated”, Sitaram Chamarty, a Tata Consultancy Services security researcher, told CNNMoney. Nexus and Pixel devices can automatically download the update.
The patches fix the Safari browser on OS X 10.11 El Capitan and macOS 10.12 Sierra, and macOS 10.13 High Sierra and iOS 11 overall.
Apple users can now update their devices to protect against the Spectre vulnerability that was discovered last week.
Trend Micro says it’s highly advisable for everyone to install the emergency patch as soon as it is made available from the respective vendors.