Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs Cisco Partner Summit Digital 2020 Lenovo Tech World Newsroom Dell Technologies World Digital Experience 2020 HPE Zone Masergy Zenith Partner Program Newsroom Dell Technologies Newsroom Fortinet Secure Network Hub Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom The IoT Integrator Lenovo Channel-First NetApp Data Fabric Intel Tech Provider Zone

Apple Says Mac, iOS Devices Could See Spectre, Meltdown Issues, Is Mitigating Those Issues Now

The side-channel analysis security issues, under which processors from Intel, AMD, and ARM could allow reading of privileged information by rogue applications, could impact Mac and iOS devices, but Apple has already mitigated some of those issues.

Apple Thursday said in a support blog its Mac and iOS-powered devices are impacted by the recently-revealed microprocessor-related security issues.

Those issues, called "Meltdown" and "Spectre" by the Google Project Zero team, which was among the first to study them, are potential security issues related to side-channel analysis. The reported vulnerabilities refer to the conditions in computer and mobile device chips where it might be possible for an unauthorized user to read data from privileged zones in memory which would normally not be accessible.

Side-channel analysis, as defined by Intel, is "some observable aspect of a computer system’s physical operation, such as timing, power consumption or even sound" which can be analyzed to potentially expose sensitive data on computer systems that are operating as designed.

[Related: 7 Things You Need To Know About Spectre And Meltdown Security Exploits]

While Intel, as the world's largest processor vendor, has taken much of the heat from the potential security issues, processors from AMD and ARM are also impacted, the Google Project Zero team wrote in a blog post. Many of the Apple devices use ARM-based processors.

"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store," Apple wrote in its support blog.

Apple in its blog post said it released mitigations for the Meltdown issue, which could enable a user process to read kernel memory, in December with the release of its iOS 11.2, macOS 10.13.2, and tvOS 11.2 operating systems. Its watchOS-based devices did not need mitigation. Apple claims the mitigation resulted in no measurable reduction in performance.

Apple is in the process of releasing an update to its Safari browser for macOS and iOS to mitigate issues related to Spectre, which the company said could make items in kernel memory available to other user processes "by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call." Depending on which benchmark tests are used, the performance impact from the mitigation could be 0 percent or under 2.5 percent, Apple said.

The company will release further mitigations for upcoming updates of iOS, macOS, tvOS, and watchOS, it said.

Back to Top



trending stories

sponsored resources