“Meltdown” and “Spectre”: They sound like a doomsday scenario and a super villain from a James Bond movie, respectively. But according to an an announcement by Apple yesterday, they represent microchip flaws that “apply to all modern processors and affect nearly all computing devices and operating systems.”
Although all Mac systems and iOS devices are affected by them, hackers haven’t yet penetrated the hardware bugs maliciously, as far as the computer maker knows. “Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device,” however, Apple recommends “downloading software only from trusted sources,” like its own App Store.
Seeking to correct reports that the flaws are unique to Intel microprocessors, the giant chipmaker released a statement Wednesday contending that “many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
Intel was quick to try to quell fears about the risk. “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” according to the statement.
Apple has already released fixes to help users against Meltdown, the security problem that it said has the greatest potential to be exploited. Meltdown is an exploitation technique known as a “rogue data cache load.” It focuses exclusively on hardware rather than software.
“Without requiring any software vulnerability and independent of the operating system, Meltdown enables an adversary to read sensitive data of other processes or virtual machines in the cloud …, affecting millions of devices,” according to a widely cited research paper on the bug.
Spectre is actually a name covering two different kinds of hacks. These techniques can make items in kernel memory, the core of computer operating systems, available to malicious users. Apple says it plans to release patches in its Safari browser to defend against Spectre.
Home page image: Thinkstock