Apple products affected

Apple has confirmed all its Mac systems and iOS devices have been affected by two specific processor flaws that were disclosed recently. These flaws are called Spectre and Meltdown and pose a considerable security issue for those who use Apple products.

Background

Apple Inc. is one of the most successful multinational technology companies in the world. It was founded by Steve Jobs, Steve Wozniak, and Ronald Wayne in April 1976. It was incorporated as Apple Computer, Inc. in January 1977. It currently designs, develops, and sells consumer electronics, computer software, and online services. Among the company’s most successful products are the iPhone smartphone, the iPad tablet computer, the Mac personal computer, the iPod portable media player, the Apple Watch smartwatch, the Apple TV digital media player, and the HomePod smart speaker. Apple's consumer software includes the macOS and iOS operating systems, the iTunes media player, the Safari web browser, and the iLife and iWork creativity and productivity suites. Its online services include the iTunes Store, the iOS App Store and Mac App Store, Apple Music, and iCloud. The current CEO of Apple is Tim Cook.

In November 2017, Apple’s latest phone -iPhone X – hit the markets globally. It is by far the company’s most expensive unit priced at £999. It has been billed as the phone celebrating the 10th anniversary of the iPhone. The unit has been met with largely positive reviews. In addition, Apple once against posted profits for its fourth quarter results. Though its costs increased, Apple said profits were $10.7bn in the quarter, increasing 18%.

In the recent months a number of large organizations have reported cyber hacks and breaches. This includes financial institutions like Equifax and ride sharing company, Uber. This compromised the data and information of millions of people.

On November 2017, a researcher was able to figure out a security flaw in the Apple software in the new Mac that could have possibly given hackers total control of vulnerable machines. The likelihood of the breach was so high that Apple Inc began immediate review of its software development process and pushed out an update that would fix this vulnerability.

Analysis

Apple has confirmed all its Mac systems and iOS devices have been affected by two specific processor flaws that were disclosed recently. These flaws are called Spectre and Meltdown and pose a considerable security issue for those who use Apple products.

According to Apple, the flaw called Meltdown is more vulnerable to be exploited than Spectre. In a blogpost, Apple stated, “Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre.” Apple Watch isn't impacted by the Meltdown flaw.

Fixing the problems will slow a computer's performance, experts say, especially on devices more than five years old. Google and Microsoft have already issued statements informing users which products are affected by the bugs. Microsoft has already released fixes for many of its services.

These bugs make users vulnerable to a number of security issues. They allow hackers to access passwords or the encryption keys held in a device’s memory. Google researchers discovered vulnerabilities in semiconductors in June and reported them to chipmakers Intel and AMD, as well as Arm Holdings. Details of the vulnerability can be found here.

Assessment

Our assessment is that Spectre and Meltdown are a serious security threats to individuals and organizations across the world. However, both vulnerabilities require an attacker to be able to run their code on the device they are attacking – the typical customer is still more likely to be targeted by something more like a phishing mail than a targeted attack exploiting Meldown or Spectre.