Apple admits its products affected by global security flaw
- Author: Toni Ryan Jan 05, 2018,
Jan 05, 2018, 12:29
Apple was one of the last major computer firms left to comment on the newly discovered flaw, although it was already widely believed that its devices could be affected. Apple also added that since it would take a malicious app to set off Meltdown or Spectre, it recommends that iOS and Mac users install apps from a trusted source only, such as the App Store.
The company said in an online support document that it has recently added security protections to MacOS and iOS created to prevent one series of attacks, known as Meltdown, and is working to update Safari to prevent against another type of attack, dubbed Spectre.
Nearly every computing machine on this planet is affected by the recently discovered Meltdown and Spectre flaws, including Apple products. Spectre covers two different exploits and allows applications to read each other's memory.
The Cupertino, California-based company said recent software updates for iPads, iPhones, iPod touches, Mac desktops and laptops, and the Apple TV set-top-box mitigate one of the vulnerabilities known as Meltdown.More news: Website says Noles not eligible for bowl game
Besides, as per a report published on The guardian.com, Apple is also developing protections against the Spectre flaw for its Safari browser for iOS and macOS devices.
Companies scrambled yesterday (Jan. 3) to release patches for Windows and Android devices, with speculation mounting that the flaws, which apply to most modern processors, impacted Apple's devices, too.
And Microsoft has already released fixes for many of its services. And because of a flaw in CPU design, user space, a.k.a. regular programs, can access supposedly protected kernel space memory in order to inject malicious code that the CPU will unwittingly execute in advance.
Apple is continuously developing and testing various mitigations and will release new updates further in all iOS, macOS and tvOS to tackle the situation.
Apple's Spectre fix is still to come, though those vulnerabilities are harder to exploit, according to researchers.