Meltdown and Spectre: All Mac devices affected, says Apple

Hardware fixes are by nature much slower and more difficult than software fixes. tcareob72/Thinkstock

Hardware fixes are by nature much slower and more difficult than software fixes. tcareob72/Thinkstock

Macs and iOS devices are vulnerable to Spectre attacks through code that can run in web browsers including Apple's own Safari.

Apple Inc will release a patch for the Safari web browser on its iPhones, iPads and Macs within days, it said on Thursday, after major chipmakers disclosed flaws that leave almost every modern computing device vulnerable to hackers.

The security vulnerabilities apply to all modern computer processors and affect almost all computers and smartphones, leaving tech companies scrambling to find a fix.

Mac users have often believed that their devices and operating systems are less vulnerable to security issues than, for example Android phones or computers running Microsoft systems.

On Wednesday, Alphabet Inc's Google and other security researchers disclosed two major chip flaws, one called Meltdown affecting only Intel Corp chips and one called Spectre affecting almost all computer chips made in the last decade.

Apple has promised to roll-out security patch for Safari browser application to help defend against Spectre soon.

Cloud administrations possessed by Amazon, Microsoft, and Google itself have additionally been utilizing Project Zero's examination to make and issue patches for their servers, while numerous other littler cloud suppliers who had not been beforehand told about the defect are now scrambling to fix their machines.

Apple's statement also said there are no known exploits now impacting customers. "We proceed to create and test encourage alleviations for these issues and will discharge them in up and coming updates of iOS, macOS, tvOS, and watchOS", the article states. " However, the Apple Watch is not affected by Meltdown bug". The company has also issued updates on iOS, MacOS, tvOS to protect customers against these flaws.

There is no evidence that the flaws - which affect computer processors built by Intel and ARM - have been exploited by hackers, though companies including Microsoft have been working to provide fixes.

Researchers at Google's Project Zero and academic institutions including the Graz University of Technology in Austria discovered the problem previous year and disclosed it Wednesday. These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.

Latest News