It has been revealed that the large majority of the devices that we use powered by Intel, AMD and ARM processors are open to attacks via two security flaws named Meltdown and Spectre.
These are serious vulnerabilities and the whole industry is responding to them accordingly. Apple confirmed that all Mac systems and iOS devices are also affected by the Meltdown and Spectre vulnerabilities saying:
All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.
Apple went on to reassure customers by confirming that it had started to mitigate these flaws in its portfolio of operating systems:
Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown.
As with many security flaws, it’s most likely to be exploited by loading a vicious app on to your Mac or iOS device so users are admonished to only use a trusted source such as the App Store. This is of particular significance if you own an Apple device that isn’t supported by the latest OS’s as Apple has not, and may not, issue fixes for older unsupported devices.
It had been speculated that fixes could slow down an operating system by about 30%. Apple addressed this by stating that the current mitigations applied to macOS and iOS had not resulted in a measurable reduction in performance when measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.
Apple plans to address the Spectre by ‘patching’ Safari across its macOS and iOS platforms in the days to come as it considered that the Meltdown flaw had the most potential to be exploited.
The mitigations for Spectre will have a slight impact on performance with a drop of less than 2.5% on the JetStream Benchmark. Presently no impact has been measured on the Speedometer and ARES-6 tests.
Apple will continue to develop and test further mitigations for these issues and will have them released in upcoming updates of iOS, macOS, tvOS, and watchOS.