ARM security update suggests some iPhones, iPads, iPods and Apple TVs may be affected by CPU bug

“Following clarification that what was initially reported as an Intel chip bug also affects AMD processors and ARM-based chips, Intel’s CEO has said that ‘phones and everything’ will be impacted,” Ben Lovejoy reports for 9to5Mac. “A security update by ARM suggests that a number of iPhones, iPads, iPods and Apple TVs may be affected.””

“An ARM Processor Security Update lists processors known to be susceptible. These include the Cortex-A8, Cortex-A9 and Cortex-A15,” Lovejoy reports. “While Apple designs its own A-series chips for iOS devices, these are based on ARM architecture. A number of A-series chips include at least some elements of the Cortex-A8, -A9 and -A15 processors, and so may also be susceptible.”

Lovejoy reports, “ARM says that the risk of exploitation is low. ‘It is important to note that this [attack] method is dependent on malware running locally which means it’s imperative for users to practice good security hygiene by keeping their software up-to-date and avoid suspicious links or downloads.'”

Read more and see the list of potentially-affected devices in the full article here.

MacDailyNews Take: Of course, we’ll have to wait to see what Apple says about these issues and what they do, if anything, to mitigate them.

Intel et al. are going to try to sell us on a software bandaid instead of really fixing the problem properly.MacDailyNews, January 4, 2018

UPDATE: 7:10pm ET: Apple: All Mac systems and iOS devices are affected by Meltdown and Spectre security flaws

Intel’s CEO Brian Krzanich sold off the majority of his shares after finding out about the irreparable chip flaws – January 4, 2018
CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU – January 4, 2018
Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk – January 4, 2018
Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw – January 3, 2018
Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018


  1. Apple can make a software patch available if nessessary. And, since Apple controls all the software on the iPhone in the first place through the App Store, they should have be able to make sure anything on the phone does not try to access the bugs in the first place (if indeed iPhones, etc, are affected).

      1. “Software cannot fix a HW design flaw. Mitigate somewhat, maybe.”

        As far as your statement goes your are correct.

        The vulnerability resides in software and firmware, both of which can be resolved with software and/or firmware upgrades.

    1. “Apple can make a software patch available if nessessary. ”

      They already have.

      “Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years.

      In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services [like with Apple’s macOS 10.13.2 issued on December 6th, 2017].”

  2. Everyone should remember that Apple does NOT make ARM processors. Apple licenses the ARM instruction set and certain other IP about the ARM processors, and then Apple designs its own processors from that information. Many other vendors making ARM processors license the entire IP set and just build ARM processors virtually identical, if not truly identical, to ARM Holding’s hardware designs.

    While it is extremely likely that Apple’s recent A series processors *will* have the negative issues that other true ARM processors have, until someone actually investigates it and definitively shows one way or the other we don’t know if Apple’s A series processors have a problem or not.

    Additionally, since Apple builds both the CPU hardware and OS software Apple *should* be able to mitigate any problems with minimum impact. But, as we all know, Apple developing a minimum impact solution may never happen.

      1. macOS 10.3.2 only partially mitigates the issues.

        You know for absolute certainty that Apple’s A series processors have truly zero issues, how? Please enlighten us all.

      2. Apple has now officially stated that all the processors it uses except the one in the Apple Watch are affected by these issues. They also have officially stated that the patches over the last few months help mitigate the issues, but Apple does NOT go as far as saying it fully mitigates the issues.

        You need to get better sources.

    1. “Yes, of course. Wait for apple to tell us what to think. Because we know they will be completely forthcoming about this.”

      I’m going to assume you aren’t stupid, just ignorant.

      MacOS 10.13.2, issued LAST WEEK (before the world even knew there was a potential problem), closes these security holes.

      There are no issues with Apple’s A-series processors.

      1. It’s pretty annoying to see someone post an unjustifiably confident absolute comment like greggthurman has done here.

        Apple repeatedly uses the term “mitigation” instead of “solution.” They don’t even agree with your confidence, gt. Please stop stating as fact something that is not just uncertain, but is almost certainly NOT fact.

  3. I think the cited article misinforms.

    Apple A4 and A5 SoCs were based on ARM Cortex A8 and Cortex A9 designs. Since then, i.e. with the release of the Apple A6 SoC (first used in the iPhone 5), Apple designs and engineers its processors from the ground up. Those implement ARM instruction sets but do not (as far as I know) use ARM’s canned hardware designs.

    The A6 is based on the ARMv7 based processor design and are of Apple’s own creation.

    1. When Apple says it designs its own ARM based processors it is more akin to Apple providing their special crazy glue to assemble the A-series chips with ARM Lego pieces. Depending on what level of granularity the fault occurs at, Apple’s A-series chips could still be affected.

      1. @Xennex wrote, “When Apple says it designs its own ARM based processors it is more akin to Apple providing their special crazy glue to assemble the A-series chips with ARM Lego pieces”

        That is incorrect. Apple designs and engineers its processors from the ground up:
        “The A6 is the first Apple SoC to use its own ARMv7 based processor design. The CPU core(s) aren’t based on a vanilla A9 or A15 design from ARM IP, but instead are something of Apple’s own creation.”

        “When discussing his company’s 64-bit ARMv8 architecture, [ARM’s] Shore revealed that ARM-licensee Apple’s implementation of it in its A7 processor came as a surprise to many at ARM. ‘Our fruity friends earlier this year stunned the world, actually, and stunned most of ARM’s employees, in fact, by releasing the latest version of the iPhone supporting and including a 64-bit processor,’ he said. ‘They’d done that incredibly secretly and ended up stealing a march on the whole of the rest of the industry. It was quite a staggering achievement, to be honest.'”

        1. Thanks for posting that link. After reading it and a few other related reference sources including at ARM Holdings I stand corrected and see that my statement does not apply from the A6 processor onward. Prior to the A6 Apple’s A-series were as I stated similar to crazy gluing Lego.

          Unfortunately it turns out even with Apple having built their A6 to current A-series processors from the ground up it does not make the current problem go away since the problem is not the specific HW implementation but of the ARM ISA itself that is the basis of all ARM based processors.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.