KQED is a proud member of
Save ArticleSave Article
upper waypoint
NPR

Apple: Mac and iOS Vulnerable to Meltdown and Spectre Flaws

Scott Neuman
Save ArticleSave Article
Failed to save article

Please try again

Apple says its iOS devices are among those affected by the Meltdown vulnerability. (Sean Gallup/Getty Images)

If you thought your MacBook or iPhone would be immune to the Meltdown and Spectre microprocessor flaws acknowledged earlier this week by Intel, you would be wrong.

The problems found in the chips could allow hackers to get access to passwords and other sensitive data stored on personal computers.

In a statement, released by Apple on Thursday, the company announced, "All Mac systems and iOS devices are affected."

The good news is that "there are no known exploits impacting customers at this time" and that a change could come soon, according to Apple. The company says it has "already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre."

Even so, as Devin Coldewey reports for TechCrunch: "If you're wondering why people keep saying, 'mitigate' instead of 'fix' or 'counteract' or something, it's because Meltdown and Spectre take advantage of computing practices so basic that avoiding them is extremely difficult and complex. And new variants of attacks may very well circumvent the protections companies have put together during the last few months during which the exploits were kept secret. The mitigations and patches will probably multiply."

Sponsored

We wrote earlier that security researchers at Google and elsewhere discovered vulnerabilities in chips made by Intel, AMD, ARM Holdings and other companies. Intel said it was working to "develop an industry-wide approach to resolve [the] issue promptly."

As NPR's Laura Sydell reported for All Things Considered, "When you install a program on your computer, there's generally a wall between it and other programs. But the security flaws, which were built into the chips from Intel, Advanced Micro Devices and ARM, allow one program to spy on another."


Moritz Lipp of Austria's Graz University of Technology is one of the researchers who found the flaw. He tells Sydell that the problem is found on millions of computers, as well as on smartphones and in cloud storage provided by companies such as Google, Amazon Web Services, Apple and Microsoft. While a software patch might mitigate the problem, it is really a hardware issue.

"If you have an issue in hardware, it's not very easy to just change the hardware because you already sold millions of CPUs. And you just can't call them back and change them," Lipp says.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

lower waypoint
next waypoint
Cecil Williams, Legendary Pastor of Glide Church, Dies at 94State Prisons Offset New Inmate Wage Hikes by Cutting Hours for Some WorkersAllegations of Prosecutorial Bias Spark Review of Death Penalty Convictions in Alameda CountyWhy Renaming Oakland's Airport Is a Big DealNurses Warn Patient Safety at Risk as AI Use Spreads in Health CareSF Democratic Party’s Support of Unlimited Housing Could Pressure Mayoral Candidates‘Sweeps Kill’: Bay Area Homeless Advocates Weigh in on Pivotal US Supreme Court CaseSupreme Court Hears Oral Arguments in Major Homelessness CaseBay Area Indians Brace for India’s Pivotal 2024 Election: Here’s What to KnowCalifornia’s Future Educators Divided on How to Teach Reading