As the implications of the recently revealed Meltdown and Spectre CPU bugs become clearer, Apple has broken its silence to admit that all of the company’s products are vulnerable.
iPhone, iPads and Macintosh computers are all at risk from the same flaw that affects billions of computers, phones and devices worldwide.
The Apple Watch however, is unaffected, as it uses Apple’s own CPU rather than one provided by Intel, AMD or Arm.
In a statement released on January 4, the company said: “Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.”
The company also stated that there are no know exploits using either bug, which will impact customers, but recommends that users only download software from trusted sources, such as the official Apple App Stores.
Apple has also claimed that the mitigations released so far have little or no impact on performance, despite initial speculation that fixes would significantly reduce processor speed.
Regarding Meltdown, the Apple statement says: “Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.”
Apple makes the same claims regarding the updates to Safari, which will counter Spectre: “Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.”
The repercussions of the bugs are still emerging, with all of the leading tech companies working to address the problem. Intel however has been most affected, as nearly all of the companies products in recent years are directly affected by both Meltdown and Spectre.
The company has run into even more criticism, as it emerged that CEO Brian Krzanich exercised his stock options and then immediately sold the majority of his Intel shares after the company was made aware of the flaws, holding onto only the minimum number required by company bylaws.
This is not the end of the story. As The Register notes, it promises to be a messy, long-term process that promises to take time – possibly years – to lay to rest.
DIGIT will, of course, bring you the latest updates as they happen.