Apple: All Mac and iOS Devices Affected by Meltdown and Spectre; Partial Fixes Already Released


Apple has finally broken its silence on the Meltdown and Spectre vulnerabilities and confirmed that all iOS devices and Macs are affected by it.

A new security document from the company details that while all Mac and iOS devices are vulnerable to Meltdown and Spectre, there are no known exploits or malicious apps out in the wild that take advantage of them. Only the Apple Watch is not vulnerable to any of the two exploits.

More importantly perhaps, Apple confirms that iOS 11.2, macOS 10.13.2, and tvOS 11.2 updates already contain patches that help protect against Meltdown. In the coming days, the company plans to release an update for Safari that will help defend against Spectre. The Cupertino company will also continue to develop and test further mitigation’s for Meltdown and Spectre and release them in future updates.

Apple also confirms that its changes have not lead to any performances degradation in public benchmarks like GeekBendh 4 and Speedometer, with only an impact of less than 2.5 percent being visible on JetStream.

Apple says that as per its analysis, exploiting any of these vulnerabilities is extremely difficult, even by a locally running app on a Mac or iOS device.

Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.

[Via Apple]