This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/technology/2018/jan/05/apple-mac-spectre-meltdown-iphone-ipad-hackers

The article has changed 6 times. There is an RSS feed of changes available.

Version 0 Version 1
Apple says Meltdown and Spectre flaws affect all Mac and iOS devices Apple says Meltdown and Spectre flaws affect all Mac and iOS devices
(about 1 hour later)
Apple has warned owners of its iPhones, iPads and computers that the devices are affected by a processor flaw that could leave them vulnerable to hackers. Apple’s iPhones, iPads and Mac computers are all vulnerable to the major processor flaws revealed on Wednesday, the company has warned, but it says updates are already available.
The company advised millions of customers to download software only from trusted sources after the security vulnerabilities, known as Meltdown and Spectre, were revealed on Wednesday. The flaws known as Meltdown and Spectre affect almost every modern computing device from all manufacturers using chip designs from Intel, AMD and ARM. Apple uses Intel processors in its Mac computers and ARM-based designs for its A-series processors used in the iPhone, iPad, Apple TV and Apple Watch lines.
There is no evidence that the flaws – which affect computer processors built by Intel and ARM – have been exploited by hackers, though companies including Microsoft have been working to provide fixes.
In a blogpost, Apple said it had released updates for iOS, the software on its phones and tablets, macOS, which is used by its computers and tvOS for its television products.
“Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre,” it added. “These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.
“Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the app store.”
The firm said the Apple Watch was not affected by Meltdown and it planned to release and update for its web browser, Safari, in the coming days to defend against Spectre.
The flaws were discovered by researchers at Google and academic institutions last year but were kept secret.
Users can do little to avoid the security flaws apart from update their computers with the latest security fixes as soon as possible. Fixes for Linux and Windows are already available. Chromebooks updated to Chrome OS 63, which started rolling out in mid-December, are already protected.Users can do little to avoid the security flaws apart from update their computers with the latest security fixes as soon as possible. Fixes for Linux and Windows are already available. Chromebooks updated to Chrome OS 63, which started rolling out in mid-December, are already protected.
Android devices running the latest security update, including Google’s Nexus and Pixel smartphones, are already protected. Updates are expected to be delivered soon. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus.Android devices running the latest security update, including Google’s Nexus and Pixel smartphones, are already protected. Updates are expected to be delivered soon. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus.
An update from Apple on what is needed for its Mac computers and iOS devices is expected.An update from Apple on what is needed for its Mac computers and iOS devices is expected.
Apple said: “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”
The company advised customers to download software only from trusted sources such as its iOS and Mac App Stores to help prevent hackers from being able to use the processor vulnerabilities.
In a support document, Apple said that iOS 11.2 released on 13 December, macOS 10.13.2 released on 6 December and tvOS 11.2 released on 4 December all protect against Meltdown for supported devices and that WatchOS did not need updating.
Apple said it was developing protections against the Spectre flaw for its Safari browser for iOS and macOS, and would release them in the coming days to help stop potential exploitation via JavaScript running in the browser from a website.
Apple said: “Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark.”
Users of Apple products are urged to update their devices with the latest software if they have not already. iOS 11.2 supports the iPhone 5S and newer, iPad Air and newer and the sixth generation iPhone Touch. MacOS 10.13.2 supports the iMac and MacBook from late 2009 or newer, the MacBook Pro, Mac Mini and Mac Pro from mid-2010 or newer and the MacBook Air from late 2010 or newer.
The Meltdown and Spectre flaws were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. The details of the flaws were reported in June but were not made public until this week as developers scrambled behind the scenes to create fixes for the flaws and prevent their malicious use.
Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers