Apple has confirmed which of its devices are affected by Meltdown and Spectre, the two computer processor vulnerabilities revealed earlier this week. The bugs, which allow an attacker to steal sensitive data currently processed by the computer, affects almost every modern system. Apple is no exception.
“These issues apply to all modern processors and affect nearly all computing devices and operating systems,” the company said in a support document released Thursday. “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”
Although the two bugs appear similar, the researchers that identified the flaws note several key differences. Meltdown breaks the fundamental barriers between programs and memory, which means that the operating system developer will need to release a security update to stop attackers from taking advantage. Spectre is about tricking other applications to reveal their secrets, which makes it both harder to prevent but also harder to exploit in the first place.
The researchers claim that every Intel processor released after 1995, bar one or two, is potentially affected by Meltdown. The team demonstrated the exploit with Intel processors as old as 2011. In the case of Spectre, the team warned that “almost every system” is affected by the flaw. The researchers verified its presence on on Intel, AMD, and ARM processors.
Here’s how Apple’s devices are affected, and the steps it is taking to protect users:
If you’ve upgraded to macOS update 10.13.2, released on December 6, you’re already protected against Meltdown. Although The Register reported that such updates could slow down computers as much as 30 percent, Apple claims it found “no measurable reduction” in performance from its Meltdown patch.
iPhone, iPad, iPod Touch
Apple patched against Meltdown with iOS 11.2, released on December 2. As with the Mac, the company found no reduction in performance. Apple also plans to bring the Safari fixes over to iOS in a future update, with plans for further testing to find more Spectre flaws.
The company’s tvOS 11.2 update, released December 4, patched the Meltdown exploit. As for Spectre fixes, the company said that it will protect against mitigations in upcoming software updates, but did not explain further.
Good news! The Apple Watch was not affected by Meltdown, so no action was taken. As for Spectre, the company has confirmed that future updates for watchOS will make it harder to exploit.