It was recently revealed that nearly all Intel processors, as well as AMD and ARM processors, are affected by the Meltdown and Spectre exploits. Apple has confirmed that their devices have been affected as well. It was noted that there are no known exploits impacting customers at the time.
The exploit in Apple products comes from the use of Intel processors in their devices. Apple has released some updates to defend against Meltdown and will be releasing an update to protect against Spectre soon.
“Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre”
As previously noted, Meltdown and Spectre are two different vulnerabilities:
- Meltdown: The easier and more serious vulnerability. The ‘Meltdown’ exploit breaks down CPU-level protections and allows a program to access memory that it otherwise would not have access to.
- “Every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).” Whether or not this affects AMD and ARM processors has not made clear.
- The patch for ‘Meltdown’ incurs the performance penalties.
- Spectre: Like Meltdown, Spectre allows for the leaking of memory. Spectre breaks down the walls between applications and allows an attack to trick error-free programs into leaking secrets. Safety checks might make applications more susceptible to Spectre. This exploit is harder to achieve, but also harder to exploit.
- Intel, AMD, and ARM processors are affected (basically almost every system).
- The patches here have less of a performance effect.
Apple will continue to monitor the exploits and release updates to mitigate their effectiveness.