How Apple product users can protect themselves against Spectre and Meltdown CPU flaws

“Apple has confirmed that all Macs, iPhones, iPads and other devices (bar Apple Watch) are vulnerable to the newly-revealed Spectre and Meltdown Intel, ARM and AMD processor vulnerabilities,” Jonny Evans writes for Computerworld. “Both Meltdown and Spectre take advantage of speculative execution to access privileged memory — including kernel memory — from a less-privileged user process such as a malicious app running on a device. In other words, it’s possible to use these exploits to get your data.”

“Though Apple and others in the industry all say this is very challenging and say that no known instances of use of these flaws have been seen. Yet,” Evans writes. “Apple says all its devices are vulnerable to the bugs, though Apple Watch is not susceptible to Meltdown.”

“The consequences of these revelations will reverberate for a while, I fear,” Evans writes. “The challenge exists not just in modern but also in older systems, and with millions of those still in use it seems inevitable hackers will create exploits to attack less secure devices… Here’s what you can do to protect yourself…”

Read more in the full article here.

MacDailyNews Take: Good luck, everyone!

The big question is where is performance negatively impacted by these software bandaids and by how much? For that, we wait for research from independent parties.

SEE ALSO:
Apple: All Mac systems and iOS devices are affected by Meltdown and Spectre security flaws – January 4, 2018
ARM security update suggests some iPhones, iPads, iPods and Apple TVs may be affected by CPU bug – January 4, 2018
Intel’s CEO Brian Krzanich sold off the majority of his shares after finding out about the irreparable chip flaws – January 4, 2018
CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU – January 4, 2018
Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk – January 4, 2018
Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw – January 3, 2018
Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018

35 Comments

    1. Apple started soldering in the CPUs to save a penny. Funny how they could afford to use socketed CPUs when the Mac was important, but now they can’t. I guess they need that extra cash for all the High $ execs Timmy keeps hiring.

      That and the extra 50,000 + Headcount. Exactly what do they do?

    2. CPUs not susceptible do not exist. Nobody will ever build fixed versions of any chip that is not still in production. These are fantasies like the battery that never degrades in performance with age.

  1. Agree with MDN.
    Not looking to bankrupt these companies, but these companies have gotten enriched by selling defective goods. Not saying the defects were nessesarily negligence or covered up in this case either. It’s called owning it.

    1. far even for you. These products are not defective and all major vendors have already patched the issue or will very soon. We should apply “reasonableness” to this situation.

      1. All major systems have been partially patched against “some” methods of exploiting the hacks. The issue is to fully patch all known ways of utilizing the issues gets a 30% reduction ( or more depending of process age/speed) in CPU speed. Thus nobody has deployed a “full” patch.

  2. Unfortunately, there is no safe computing platform at this point. New out-of-the-box won’t solve this problem. There are no processors that don’t have these flaws. This could freeze computer purchases for a while.

  3. CERT, the cyber security project at Carnegie Mellon University sponsored by the U.S. government, on Friday withdrew its recommendation for the replacement of the central processing units (CPUs) of affected systems.
    In the updated guidance, CERT said “operating system and some application updates mitigate these attacks.”
    https://www.huffingtonpost.com/entry/apple-spectre-meltdown-chip-flaws-unsecure-web-browsing_us_5a4f8668e4b003133ec74f2e?ncid=inblnkushpmg00000009

    1. Even if all the CPUs could be replaced many machines wouldn’t be able to support the spec of anything that was made. Even if every device with this issue could have a replacement fitted there is no way to practically replace the cpu of every single device made in the last x years, there’s not enough service centres on the planet to meet that sort of demand let alone the manufacturing capacity to make enough chips to go in that many products. Replacement is just pie in the sky.

  4. I think some people are getting overly worked up about this. As far as I can tell it’s not a bug that means anybody can all of a sudden get remote access to your device and access all your data. It’s not some imminent problem that’s going to stop all machines from working at midnight or something. From what I’ve read to actually exploit this is incredibly difficult so while all fixes that are possible should be applied, it’s not case of shutting off all devices that have the issue and replacing every CPU in existence.

    Not to play down the importance of the issue, but it’s not as if every chip is demonstrably faulty and liable to shutdown and destroy the planet at any second.

    People are talking about replacing CPUs, but that’s just nonsense. Even if it was as simple as popping the back off and sticking in a new chip in there aren’t the service centres to do it, there isn’t the manufacturing capacity to produce the number of chips required i.e. even if all capacity on the planet was devoted to it that would only effectively produce enough to replace the last year’s worth of devices.

    All we can do is install the updates, and take the same precautions we always should have been really. That and be thankful we have Apple devices that are actually going to be updated rather than all the Android users who likely won’t ever get a fix because they don’t get updates as it is.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.