If you are a computer user, it helps to be aware of the most common OS vulnerabilities that may likewise affect your device like every other computer in the world today. Spectre and Meltdown are two of the most talked about vulnerability now even if they have been around for decades. It’s embedded to the PC’s processors itself and there is little we can do about it unless we change the way processors are designed in the future. Not even Apple’s mighty defenses can overcome these much-talked-about vulnerabilities these days. Back then, it was not really that big of a deal since the issue with the processor does not have any drastic implication to computer users but things have significantly changed with the advent of the Internet of Things.
For two decades we simply ignored these vulnerabilities but hackers saw potential in it and it’s the reason why we are even talking about it now. Speculative Execution is a feature that your PC’s CPU is capable of doing even in the background. It boosts your computer’s performance and allows it to multitask, a capability that comes in handy these days. Now, Spectre and Meltdown have taken advantage of this property by accessing sensitive information in your PC’s memory it should not have access to through the delay in the rollback of speculative execution. All devices are affected and Apple is doing its best to reduce the damage to its iOS users.
Apple released a statement on their website confirming that all of their devices were affected by the two flaws but that no actual incidents had yet been reported.
The company also said many of these processor security issues require a “malicious app to be loaded” onto the device before a hacker can take advantage of them. Apple recommends their customers download software from “only from trusted sources” such as the iOS and Mac App Stores to keep their data safe.
The latest Apple updates – tvOS 11.2 released on 4th December, iOS 11.2 released on 13th December, and macOS 10.13.2 released on 6thDecember – have been designed to protect supported devices against Meltdown.
These updates are available for all supported iPhone, iPad, Mac computers and Apple TV devices. Apple also confirmed that WatchOS did not need updating to defend against the Meltdown flaw.
(Via: https://www.cashlady.com/news/meltdown-spectre-affect-mac-ios/)
The best counter-measure against these vulnerabilities are ensuring your devices are equipped with new updates. At the rate malware is being spread by cyber criminals, it is easy to fall prey if you don’t safeguard yourself by simply updating your devices. This is all that we can do for now – to make do with patches from updates since the problem exists at the processor level, essentially your computer’s brain. Come to think about it, all PCs and modern computing devices today use AMD, ARM, and Intel chips that are all affected by both Spectre and Meltdown.
Apple revealed that it had already released ‘mitigations’ for Meltdown in iOS 11.2, so make sure you keep an eye out for any new updates made available for iOS on your iPhone or iPad and go into ‘Settings’ to check what version of iOS you are running.
Ensure your Mac is up to date by hitting the apple in the top left of your menu, selecting About This Mac, and checking if your version number reads macOS 10.13.2 or greater. Apple says the patches don’t measurably affect performance, and it’ll continue to develop more mitigations for future updates.
Don’t jailbreak your iPhones. Those who jailbreak their devices are potentially more vulnerable to malware, particularly when vulnerabilities exist at a processor level.
So, whether you are using an iPhone or a Mac device, you remain at risk of these vulnerabilities but you somehow reduce this risk through software updates. Also, refrain from jailbreaking your phone because you increase the likelihood of getting your device infected and your data stolen by these crooks. If there is one good news Apple users should rejoice for is the fact that despite the widespread reports of other devices getting infected by these vulnerabilities, none were reported so far among Apple users. Apple already released patches for Meltdown on their recent update but is still working on one for Spectre.
While we are waiting for these fixes, always be careful and avoid opening dubious emails or make sure you only download apps from the App Store. Simple things like these can go a long way in safeguarding your device from malware. If you are not careful enough, you may find yourself worrying about Mac data recovery after losing your data to hackers. Meanwhile, bigger companies with servers may also have to deal with server or RAID restoration knowing that processors are the ones affected here and no fix can ever address this issue for real unless the processor’s design is changed for good.