We have recieved many concerns and questions regarding the nature of the latest two exploits. Here is more information on what they are exactly, what they do and what you need to do about it.
Two large security vulnerabilities, named Meltdown and Spectre, were revealed this month, when a research team unexpectedly shared the flaw publicly ahead of planned announcements. The security flaws were discovered a few months ago and privately revealed to chip companies, operating system developers and cloud computing companies who were all working to develop necessary security patches, mitigations and methods to work around the flaws. However, since the unexpected announcement, all the companies affected have been responding, somewhat in a disorderly manner. Apple’s prior security updates in early December had already proactively prevented some of the security risks posed via its latest software iterations iOS 11.2, macOS 10.13.2, and tvOS 11.2 updates. Apple is now working on additional fixes to address any Spectre vulnerabilities that could affect the Safari browser.
What is Meltdown and what is Spectre?
Meltdown and Spectre are both security vulnerabilities that affect microprocessing chips. Meltdown was discovered independently by three different groups - researchers from the Technical University of Graz in Austria, German security firm Cerberus Security, and Google’s Project Zero. Spectre was detected by both the Project Zero and independent researcher Paul Kocher.
Meltdown and Spectre are both security vulnerabilities. Modern high performance processors use speculative execution to maximize performance. This method however poses a risk where it is possible to figure out data belonging to another process or even the operating system, thus leaking information. Code that runs using this method could steal passwords or be even more damaging if used in tandem with other security flaws.
Meltdown and Spectre affect microprocessor chips created by Intel, AMD, ARM and other processor companies. They are both hardware flaws, posing greater security risks.
The Meltdown vulnerability allows a malicious program to read kernel memory, accessing data like passwords, emails, documents and photos. Meltdown can be exploited to read the entire physical memory of a targeted machine. Cloud-based services are particularly at risk for this and could result in hacking of data of millions of users if unprotected. Spectre uses two methods of exploitation and breaks isolation between different applications, making more applications vulnerable to manipulation and hacking.
How have companies responded?
Given that both Meltdown and Spectre are hardware-based flaws, operating system manufacturers are required to implement software workarounds.
Every major computing company ranging from microprocessor companies such as Intel, AMD and Arm to Google, Microsoft, Linux, Amazon and Apple has had to respond to this huge security flaw. Microsoft has been testing solutions since November. Intel has been hard hit by this security vulnerability as it affects processors manufactured today and as far back as 20 years. While Spectre affected every computing company, Meltdown really only affected Intel and ARM. Intel has offered an operating system level fix, but this could slow down computer performance significantly.
What action did Apple take?
Apple is a little different than other companies as it designs its own chips and sells devices that contain these chips. It also designs and develops its own operating system. Unlike some of the other companies that responded in vague terms with a lot of marketing filler content, Apple faced the issue directly.
Apple confirmed that both vulnerabilities affect all Mac and iOS devices. They also confirmed that there were no known exploits impacting customers at this time.
Manipulating these security vulnerabilities would require the download of a malicious software app. Apple recommends that users only download app software from trusted sources like the App Store.
Both Meltdown and Spectre do not affect the Apple Watch. Apple’s prior software releases for iOS 11.2, macOS 10.13.2, and tvOS 11.2 all protect against Meltdown.
Apple has shared that the Spectre vulnerability while being difficult to exploit, can be done using JavaScript in a web browser. Apple plans to release Safari updates for macOS and iOS to prevent Spectre-based exploits. Apple also intends to keep testing for Spectre and release mitigations in all future versions of iOS, macOS, tvOS, and watchOS.
AI Usage Transparency Report
Pre-AI Era · Written before widespread use of generative AI tools
AI Signal Composition
Score: 0.04 · Low AI Influence
Summary
The article discusses the recent security vulnerabilities Meltdown and Spectre, which affect microprocessing chips. It explains how these flaws work, their impact on various companies, and how Apple has responded to address them.
Related Posts
The new Mac Pro Tower: Wheels optional
So happy to see that Apple is going back to its ability to allow users to upgrade and customize their Mac Pro tower experience. There was much much love for the old Cheese Grater style Mac Pro and many are still in use because of their overall upgradeability and customization. Not saying that the Trash Can approach was bad. It was in line with their motto, think different. Coming up with a new and unique approach to power computing.
MacOS 10.15 Catalina Releasing this Fall
Wow things move quickly from year to year. No surprise here. MacOS Catalina brings a whole new level of cool back to the Mac in my honest opinion. I am so happy that Apple has decided to break out iTunes into multiple apps. iTunes back in the day was so awesome, easy to use and simplistic. Now it tends to be a power hungry and semi confusing app to use as its the defacto app for everything. How about that annoying feature that automatically launched iTunes when your phone was...
Thanks to our wonderful clients for a great 2018
--- This year was a year of Growth here at Grove Technologies. Our company changed brand, re-defined its core strategy and competency. During this time of transition we learned a lot about what we want to accomplish moving forward and the new direction that we will be moving in. That said I want to thank all of the passionate and amazing clients that trust us with their technology. We are proud to be able to claim that we are helping further many social justice, climate and advocacy movements as well...
Back Up Before Upgrading to Mojave or iOS 12
Poll a room of Apple experts about the one topic they can't stop talking about and many will launch into frustrated rants about how too few people back up. Backups are always important, since you can never predict when your Mac or iPhone will be lost or stolen, melt in a fire, or just break. But one time when backups are especially important is before you upgrade to a major new operating system. If you're thinking "What could go wrong?" the answer is, "Lots," and wouldn't you like to be...
Top Features of iOS 12 to Take Advantage of Right Away
Feeling left behind because you don't have the latest iPhone or iPad? Don't worry, because Apple has a present for you in the form of iOS 12. The new operating system promises to increase performance, particularly for older devices as far back as the iPhone 5s and iPad Air. This means that your device will be able to run more smoothly and efficiently, making it feel like a newer model again.
Seriously Cool Features of macOS 10.14 Mojave You Won’t Want to Miss
With last year's macOS 10.13 High Sierra, Apple made no sweeping changes, instead focusing on refinements and bug fixes. In keeping with the company's alternating cycle of releases, this year's macOS 10.14 Mojave boasts a range of new features that build upon the previous version. As expected, these additions are incremental rather than revolutionary, allowing users to gradually adapt to the updated functionality without feeling overwhelmed by drastic changes.
When Should You Upgrade to macOS 10.14 Mojave, iOS 12, watchOS 5, and tvOS 12
When Should You Upgrade to macOS 10.14 Mojave, iOS 12, watchOS 5, and tvOS 12? --- It's that time of year again, when an Apple user's thoughts drift to new versions of macOS, iOS, watchOS, and tvOS. Apple announced the new versions in June, and public betas have been available since. But once Apple makes macOS 10.14 Mojave, iOS 12, watchOS 5, and tvOS 12 available for free download, you'll need to decide when to install each.
How to Deal with macOS Server Losing Many of Its Services
For many years, Apple has sold macOS Server (previously called OS X Server) for those who wanted to run various Unix-based Internet services on a Mac. Server became popular because it put an easy-to-use graphical interface on top of the Unix apps, allowing Mac users to avoid complicated configuration files and reducing the need to work at the command line. This made it accessible to a wider range of users, including those without extensive technical knowledge, who still wanted to manage their own servers.
Sneak Preview of What’s Coming from Apple This Fall
At Apple’s Worldwide Developer Conference keynote on June 4th, the company unveiled the first developer versions of all four of its operating systems: macOS 10.14 Mojave, iOS 12, watchOS 5, and tvOS 12. They won’t be available until this fall, likely in September or October, but here is a glimpse of what you can expect from these upcoming updates. The new features and improvements will be detailed further at the conference, giving developers a head start on preparing their apps for the new operating systems.
Apple Pay Is Faster, Easier, More Secure, and More Private Than Using Credit Cards
You’ve probably heard of Apple Pay, but have you set it up so you can use it to pay for purchases at checkout? If not, give it a try, since it’s one of those living-in-the-future Apple technologies that feels like science fiction every time you use it. Simply put your iPhone, iPad, or Apple Watch within an inch or so of a compatible payment terminal (look for an Apple Pay or contactless payment logo), put your finger on the Home button to use Touch ID (or double-press the iPhone’s side...
