Yesterday, Apple officially issued a statement on the Meltdown and Spectre bugs affecting ARM and Intel processors. In the latest support document, the company says ‘all Mac systems and iOS devices are affected,’ but there are none known exploits affecting customers at the moment.

Apple explains that since exploiting this problem requires a malicious app to be loaded onto devices, it advises its customers to only download software from trusted sources such as the App store.

All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.

Moreover, the company says it has already released patches for iOS 11.2, macOS 10.13.2 and tvOS 11.2 to address Meltdown issues. However, the update will be made available for Safari, in few days, to protect against Spectre:

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.

While beginning coverage of the Meltdown vulnerability said fixes could improve performance, the company says neither macOS nor iOS experience a “measurable reduction in performance” in benchmarking or in web browsing testing.

Apple explains that Meltdown “has the most potential to be exploited,” while Spectre is “extremely difficult” to exploit. Apple notes, however, that Spectre can be exploited in JavaScript running in a web browser. Thus, the company will release updates to Safari on iOS and macOS “in the coming days.”


Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.


Comments Below