Apple isn’t immune to Meltdown and Spectre, the major bugs in basic computing architecture that were announced yesterday to widespread amazement and horror. In an announcement, the company said that “all Mac systems and iOS devices are affected,” which sounds right, but that mitigations are either already in place or on the way.
If you’re still not clear on the whole debacle, I went into detail on it yesterday. Basically, a couple of tricks processors have been using for decades turn out to have a couple extremely serious vulnerabilities and could be used to reveal all kinds of protected data to malicious actors.
Fortunately, as Apple puts it, “there are no known exploits impacting customers at this time.” But you better believe it won’t stay that way for long. To prevent being the lucky first victim (that we know of) of one of the most serious security issues of the decade, please do check if your devices are up to date.
For some devices, it was handled a while ago: “Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2.” Apple Watch is safe, since Meltdown is a problem with Intel processors and it doesn’t have any. Although reports have warned of performance hits, Apple says it has observed “no measurable reduction” in benchmark scores.
For Spectre, which is a trickier beast both to take advantage of and to fix, patches are forthcoming. “Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.”
If you’re wondering why people keep saying “mitigate” instead of “fix” or “counteract” or something, it’s because Meltdown and Spectre take advantage of computing practices so basic that avoiding them is extremely difficult and complex. And new variants of attacks may very well circumvent the protections companies have put together during the last few months during which the exploits were kept secret. The mitigations and patches will probably multiply.
In the meantime, since the exploits seem to only apply to code running natively on your machine, Apple’s advice is “downloading software only from trusted sources such as the App Store.” Nice try, Apple! I’d rather face an existential threat to computing than use the Mac App Store.