Science

Here's the Apple Devices Affected by Meltdown and Spectre

The CPU bugs are widespread.

by Mike Brown
Getty Images / Justin Sullivan

Apple has confirmed which of its devices are affected by Meltdown and Spectre, the two computer processor vulnerabilities revealed earlier this week. The bugs, which allow an attacker to steal sensitive data currently processed by the computer, affects almost every modern system. Apple is no exception.

“These issues apply to all modern processors and affect nearly all computing devices and operating systems,” the company said in a support document released Thursday. “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”

Although the two bugs appear similar, the researchers that identified the flaws note several key differences. Meltdown breaks the fundamental barriers between programs and memory, which means that the operating system developer will need to release a security update to stop attackers from taking advantage. Spectre is about tricking other applications to reveal their secrets, which makes it both harder to prevent but also harder to exploit in the first place.

The researchers claim that every Intel processor released after 1995, bar one or two, is potentially affected by Meltdown. The team demonstrated the exploit with Intel processors as old as 2011. In the case of Spectre, the team warned that “almost every system” is affected by the flaw. The researchers verified its presence on on Intel, AMD, and ARM processors.

Here’s how Apple’s devices are affected, and the steps it is taking to protect users:

Mac

If you’ve upgraded to macOS update 10.13.2, released on December 6, you’re already protected against Meltdown. Although The Register reported that such updates could slow down computers as much as 30 percent, Apple claims it found “no measurable reduction” in performance from its Meltdown patch.

MacBook Pro touch bar.

Getty Images / Stephen Lam

Apple has found that an attacker could exploit Spectre by using JavaScript in a browser like Safari. The company plans to release an update “in the coming days” to mitigate the techniques. On the Speedometer and ARES-6 performance tests, Apple found no measurable slowdown with the upcoming patch, and just a 2.5 percent reduction in JavaScript performance. The company plans to continue testing for further Spectre exploits and release further updates as they are discovered.

iPhone, iPad, iPod Touch

Apple patched against Meltdown with iOS 11.2, released on December 2. As with the Mac, the company found no reduction in performance. Apple also plans to bring the Safari fixes over to iOS in a future update, with plans for further testing to find more Spectre flaws.

Apple TV

The company’s tvOS 11.2 update, released December 4, patched the Meltdown exploit. As for Spectre fixes, the company said that it will protect against mitigations in upcoming software updates, but did not explain further.

Apple Watch

Good news! The Apple Watch was not affected by Meltdown, so no action was taken. As for Spectre, the company has confirmed that future updates for watchOS will make it harder to exploit.

Related Tags