ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
Apple has finally released an official statement on the company’s mitigations status regarding the recently disclosed Meltdown and Spectre vulnerabilities.
Without mincing words, the Cupertino-based company says that “all Mac systems and iOS devices are affected” by the two vulnerabilities.
Below is a summary of Apple’s statement regarding the two flaws that affect the vast majority of processors released in the past two decades.
Apple says that mitigations against the Meltdown flaw, currently known to affect only devices using Intel CPUs, has been quietly deployed in iOS 11.2, macOS 10.13.2, and tvOS 11.2.
Apple Watch is not affected by the Meltdown flaw, the company said.
Intel’s PR department has been trying its best to dispell rumors that Meltdown patches cause performance dips for its CPUs. According to Apple’s engineers, there was no “no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.”
No Apple product has patches to protect against the Spectre flaws but the company promised updates for iOS, macOS, tvOS, and watchOS.
Nonetheless, the first product to receive Spectre patches will be Safari, on both macOS and iOS. The update is expected in the coming days.
What are Meltdown and Spectre
Google engineers, who discovered Meltdown and Spectre, described the two attacks as follows:
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
Google says it chose the Meltdown name to describe the attack because “the bug basically melts security boundaries which are normally enforced by the hardware.”
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
“The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time,” Google says. “Spectre is harder to exploit than Meltdown, but it is also harder to mitigate,” hence why Apple has yet to release patches, and why Spectre patches on Windows require additional motherboard/CPU firmware updates. Spectre is know to affect CPUs from Intel, AMD, and ARM.
For a list of updates and security advisories regarding the Meltdown and Spectre bugs, Bleeping Computer has a separate article here.
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.