Meltdown, Spectre Affect Mac, iOS But There Are No Known Exploits
The computing industry has just gotten its first security scare of the year and boy is it a big one. Nicknamed Meltdown and Spectre, the security vulnerabilities take advantage of how modern processors work on the hardware level, making it a tad difficult to fix without repercussions. Plus, it affects not just Intel but AMD and even ARM CPUs as well and doesn't discriminate between operating systems either. So while Macs and iOS devices, often hailed for being very secure, aren't immune, Apple's latest bulletin basically says stay calm and keep updated.
Both Meltdown and Spectre exploit the capabilities of modern processors from different angles but in the same manner. They basically take advantage of the fact that CPUs try to execute code that they predict will be needed next. And because of a flaw in CPU design, user space, a.k.a. regular programs, can access supposedly protected kernel space memory in order to inject malicious code that the CPU will unwittingly execute in advance.
Apple acknowledges that its devices, be it Macs, iPhones, or iPads, are affected by the two vulnerabilities. Interestingly, the Apple Watch is said to be immune. That said, Apple also assures users that there are no known exploits taking advantage of these bugs and it has already issued patches that mitigate the vulnerability.
Meltdown is the slightly more interesting case because fixes for it necessarily change the way CPUs handle memory and the aforementioned "speculative execution". And this, unfortunately, leads to a performance hit. Apple says, however, that its December 2017 update for iOS 11.2, macOS 10.13.2, and tvOS 11.2 showed no measurable reduction in performance according to benchmarking tools.
The circumstances that could lead to using the Spectre vulnerability might be a bit more difficult to achieve but can still be done using JavaScript running in a web browser. As such, Apple will be rolling out an update for Safari, both on macOS and iOS, to mitigate it. Again, no performance problems were reported in Apple's testing.
SOURCE: Apple