Apple Says Mac, iOS Devices Could See Spectre, Meltdown Issues, Is Mitigating Those Issues Now


Printer-friendly version Email this CRN article

Apple Thursday said in a support blog its Mac and iOS-powered devices are impacted by the recently-revealed microprocessor-related security issues.

Those issues, called "Meltdown" and "Spectre" by the Google Project Zero team, which was among the first to study them, are potential security issues related to side-channel analysis. The reported vulnerabilities refer to the conditions in computer and mobile device chips where it might be possible for an unauthorized user to read data from privileged zones in memory which would normally not be accessible.

Side-channel analysis, as defined by Intel, is "some observable aspect of a computer system’s physical operation, such as timing, power consumption or even sound" which can be analyzed to potentially expose sensitive data on computer systems that are operating as designed.

[Related: 7 Things You Need To Know About Spectre And Meltdown Security Exploits]

While Intel, as the world's largest processor vendor, has taken much of the heat from the potential security issues, processors from AMD and ARM are also impacted, the Google Project Zero team wrote in a blog post. Many of the Apple devices use ARM-based processors.

"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store," Apple wrote in its support blog.

Apple in its blog post said it released mitigations for the Meltdown issue, which could enable a user process to read kernel memory, in December with the release of its iOS 11.2, macOS 10.13.2, and tvOS 11.2 operating systems. Its watchOS-based devices did not need mitigation. Apple claims the mitigation resulted in no measurable reduction in performance.

Apple is in the process of releasing an update to its Safari browser for macOS and iOS to mitigate issues related to Spectre, which the company said could make items in kernel memory available to other user processes "by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call." Depending on which benchmark tests are used, the performance impact from the mitigation could be 0 percent or under 2.5 percent, Apple said.

The company will release further mitigations for upcoming updates of iOS, macOS, tvOS, and watchOS, it said.

Printer-friendly version Email this CRN article