Apple: Mac and iPhone both affected by big chip vulnerability

Hardware fixes are by nature much slower and more difficult than software fixes. tcareob72/Thinkstock

Hardware fixes are by nature much slower and more difficult than software fixes. tcareob72/Thinkstock

Apple says that now there are no known exploits that are impacting users at this time.

Apple further explains that for these bugs to really affect one's systems, they need to rely on apps with malicious code.

But it advised downloading software only from trusted sources to avoid "malicious" apps.

On Wednesday, Alphabet Inc's Google and other security researchers disclosed two major chip flaws, one called Meltdown affecting only Intel Corp chips and one called Spectre affecting almost all computer chips made in the last decade. Apple Watch is not affected by Meltdown.

Analysis of these techniques revealed that while they are extremely hard to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser.

Apple confirms that Meltdown, Spectre design security flaw impacts all Intel, ARM devices, which means all Mac and iOS devices are affected.

BBC reports that Apple said it had already released some patches but there was no evidence of the vulnerability being exploited.it had already released "mitigations" against Meltdown in its latest iPhones and iPad operating system update - iOS 11.2 and the macOS 10.12.2 for its MacBooks and iMacs.

Apple also announced that it will be releasing patches for Spectre in the form of an update to web browser Safari in a few days.

Shortly after the researchers disclosed the chip flaws on Wednesday, Google and Microsoft released statements telling users which of their products were affected. It also reported that the updates to fix the problems could causes Intel chips to operate 5 percent to 30 percent more slowly.

The current updates to MacOS and iOS protect against Meltdown, but Apple said it will look to incorporate better protections against Spectre-type attacks in future updates to those operating systems.

Even so, as Devin Coldewey reports for Techcrunch: "If you're wondering why people keep saying, "mitigate" instead of "fix" or "counteract" or something, it's because Meltdown and Spectre take advantage of computing practices so basic that avoiding them is extremely hard and complex".

The circumstances that could lead to using the Spectre vulnerability might be a bit more hard to achieve but can still be done using Javascript running on a web browser.

US Justice Dept launches new Clinton Foundation probe - The Hill
Nokia 6 2018 Leaked ahead of Launch - First Look, Price, Specifications