Apple has confirmed that its devices are also affected by the design flaw vulnerability which affects Intel, AMD and ARM CPUs. The company released a statement on its blog post, which said that the ‘Meltdown and Spectre’ security flaw affects their iOS devices and Mac systems, however, there are no known exploits which are affecting their customers.
Apple has already released mitigation for the Meltdown vulnerability with iOS 11.2 (for iPhones), macOS 10.13.2 (Macs), and tvOS 11.2 (Apple TV). The Apple Watch is not affected by the flaw and the company plans to soon release a patch for Safari to help defend against Spectre. The updates will cause no significant impact on the performance of their devices, says Apple.
“Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS. ” Apple stated in its blog post.
Apple notes that in order to exploit the ‘Meltdown and Spectre’ vulnerabilities on iOS and Mac devices, attackers will need a malicious app installed on a user’s device. The company advised installing apps only from trusted sources such as its online App Store, which checks programs and apps for safety.
The new design vulnerabilities for Intel, AMD And ARM-based processors was recently disclosed by security researchers. They said that a set of security flaws could let hackers steal sensitive information from almost every device running on an Intel chip, AMD chip or ARM architecture. Only Intel chips are vulnerable to the security flaw named Meltdown, whereas Spectre affects desktops, smartphones, tablets, and laptops, along with internet servers running on Intel, AMD or ARM architecture. You can read more about the vulnerabilities here.