KQED is a proud member of
Save ArticleSave Article
upper waypoint
NPR

Apple: Mac and iOS Vulnerable to Meltdown and Spectre Flaws

Scott Neuman
Save ArticleSave Article
Failed to save article

Please try again

Apple says its iOS devices are among those affected by the Meltdown vulnerability. (Sean Gallup/Getty Images)

If you thought your MacBook or iPhone would be immune to the Meltdown and Spectre microprocessor flaws acknowledged earlier this week by Intel, you would be wrong.

The problems found in the chips could allow hackers to get access to passwords and other sensitive data stored on personal computers.

In a statement, released by Apple on Thursday, the company announced, "All Mac systems and iOS devices are affected."

The good news is that "there are no known exploits impacting customers at this time" and that a change could come soon, according to Apple. The company says it has "already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre."

Even so, as Devin Coldewey reports for TechCrunch: "If you're wondering why people keep saying, 'mitigate' instead of 'fix' or 'counteract' or something, it's because Meltdown and Spectre take advantage of computing practices so basic that avoiding them is extremely difficult and complex. And new variants of attacks may very well circumvent the protections companies have put together during the last few months during which the exploits were kept secret. The mitigations and patches will probably multiply."

Sponsored

We wrote earlier that security researchers at Google and elsewhere discovered vulnerabilities in chips made by Intel, AMD, ARM Holdings and other companies. Intel said it was working to "develop an industry-wide approach to resolve [the] issue promptly."

As NPR's Laura Sydell reported for All Things Considered, "When you install a program on your computer, there's generally a wall between it and other programs. But the security flaws, which were built into the chips from Intel, Advanced Micro Devices and ARM, allow one program to spy on another."


Moritz Lipp of Austria's Graz University of Technology is one of the researchers who found the flaw. He tells Sydell that the problem is found on millions of computers, as well as on smartphones and in cloud storage provided by companies such as Google, Amazon Web Services, Apple and Microsoft. While a software patch might mitigate the problem, it is really a hardware issue.

"If you have an issue in hardware, it's not very easy to just change the hardware because you already sold millions of CPUs. And you just can't call them back and change them," Lipp says.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

lower waypoint
next waypoint
Stunning Archival Photos of the 1906 Earthquake and FireCould Protesters Who Shut Down Golden Gate Bridge Be Charged With False Imprisonment?Why Nearly 50 California Hospitals Were Forced to End Maternity Ward ServicesSan Francisco Sues Oakland Over Plan to Change Airport NameFederal Bureau of Prisons Challenges Judge’s Order Delaying Inmate Transfers from FCI DublinDemocrats Again Vote Down California Ban on Unhoused EncampmentsFirst Trump Criminal Trial Underway in New YorkAlameda County DA Charges 3 Police Officers With Manslaughter in Death of Mario GonzalezDespite Progress, Black Californians Still Face Major Challenges In Closing Equality GapJail Deaths Prompt Calls To Separate Coroner And Sheriff's Departments In Riverside County