Apple admitted yesterday that all Macs and iOS devices are affected by the Meltdown and Spectre chip bugs, a massive vulnerability that was discovered by Project Zero, a team of security analysts employed by Google tasked with finding zero-day vulnerabilities.
While it was assumed among cybersecurity experts that the vulnerability extended to Apple, the announcement confirmed it. At issue are processes at the deepest level of a personal computer’s operations, where certain anticipatory commands are run ahead of time: basically an info-architectural setup designed to “guess” what actions are going to be needed next to speed up performance.
What Project Zero discovered is that these transitory commands can be read. This is a serious problem, because those transitory moves designed to improve a user’s experience can include unencrypted, sensitive data such as encryption keys, sensitive information in open applications and passwords. Needless to say, were that data to fall into the wrong hands, the user’s experience would be less than optimal (i.e., they could well find themselves in harm’s way).
In a world where the NSA has been outed as a treasure trove of exploits, it is not beyond the pale that the vulnerability has been exploited, but in keeping with the Project Zero report, Apple said there have been “no known exploits impacting customers at this time.”
Apple reported that recent updates to its Mac, iOS and tvOS operating systems may help diminish the threat posed by Meltdown, and other forthcoming updates to the Apple browser, Safari, could help fend off attempts to exploit the Spectre vulnerability.
It is important to bear in mind that these vulnerabilities have existed since 2008, and may go back to 1994. Regardless, install any and all updates that come your way—even if they affect performance—and stay tuned for more news.