How Apple product users can protect themselves against Spectre and Meltdown CPU flaws

“Apple has confirmed that all Macs, iPhones, iPads and other devices (bar Apple Watch) are vulnerable to the newly-revealed Spectre and Meltdown Intel, ARM and AMD processor vulnerabilities,” Jonny Evans writes for Computerworld. “Both Meltdown and Spectre take advantage of speculative execution to access privileged memory — including kernel memory — from a less-privileged user process such as a malicious app running on a device. In other words, it’s possible to use these exploits to get your data.”

“Though Apple and others in the industry all say this is very challenging and say that no known instances of use of these flaws have been seen. Yet,” Evans writes. “Apple says all its devices are vulnerable to the bugs, though Apple Watch is not susceptible to Meltdown.”

“The consequences of these revelations will reverberate for a while, I fear,” Evans writes. “The challenge exists not just in modern but also in older systems, and with millions of those still in use it seems inevitable hackers will create exploits to attack less secure devices… Here’s what you can do to protect yourself…”

Read more in the full article here.

MacDailyNews Take: Good luck, everyone!

The big question is where is performance negatively impacted by these software bandaids and by how much? For that, we wait for research from independent parties.

SEE ALSO:
Apple: All Mac systems and iOS devices are affected by Meltdown and Spectre security flaws – January 4, 2018
ARM security update suggests some iPhones, iPads, iPods and Apple TVs may be affected by CPU bug – January 4, 2018
Intel’s CEO Brian Krzanich sold off the majority of his shares after finding out about the irreparable chip flaws – January 4, 2018
CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU – January 4, 2018
Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk – January 4, 2018
Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw – January 3, 2018
Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018

35 Comments

    1. Apple started soldering in the CPUs to save a penny. Funny how they could afford to use socketed CPUs when the Mac was important, but now they can’t. I guess they need that extra cash for all the High $ execs Timmy keeps hiring.

      That and the extra 50,000 + Headcount. Exactly what do they do?

    2. CPUs not susceptible do not exist. Nobody will ever build fixed versions of any chip that is not still in production. These are fantasies like the battery that never degrades in performance with age.

  1. Agree with MDN.
    Not looking to bankrupt these companies, but these companies have gotten enriched by selling defective goods. Not saying the defects were nessesarily negligence or covered up in this case either. It’s called owning it.

    1. far even for you. These products are not defective and all major vendors have already patched the issue or will very soon. We should apply “reasonableness” to this situation.

      1. All major systems have been partially patched against “some” methods of exploiting the hacks. The issue is to fully patch all known ways of utilizing the issues gets a 30% reduction ( or more depending of process age/speed) in CPU speed. Thus nobody has deployed a “full” patch.

  2. Unfortunately, there is no safe computing platform at this point. New out-of-the-box won’t solve this problem. There are no processors that don’t have these flaws. This could freeze computer purchases for a while.

  3. CERT, the cyber security project at Carnegie Mellon University sponsored by the U.S. government, on Friday withdrew its recommendation for the replacement of the central processing units (CPUs) of affected systems.
    In the updated guidance, CERT said “operating system and some application updates mitigate these attacks.”
    https://www.huffingtonpost.com/entry/apple-spectre-meltdown-chip-flaws-unsecure-web-browsing_us_5a4f8668e4b003133ec74f2e?ncid=inblnkushpmg00000009

    1. Even if all the CPUs could be replaced many machines wouldn’t be able to support the spec of anything that was made. Even if every device with this issue could have a replacement fitted there is no way to practically replace the cpu of every single device made in the last x years, there’s not enough service centres on the planet to meet that sort of demand let alone the manufacturing capacity to make enough chips to go in that many products. Replacement is just pie in the sky.

  4. I think some people are getting overly worked up about this. As far as I can tell it’s not a bug that means anybody can all of a sudden get remote access to your device and access all your data. It’s not some imminent problem that’s going to stop all machines from working at midnight or something. From what I’ve read to actually exploit this is incredibly difficult so while all fixes that are possible should be applied, it’s not case of shutting off all devices that have the issue and replacing every CPU in existence.

    Not to play down the importance of the issue, but it’s not as if every chip is demonstrably faulty and liable to shutdown and destroy the planet at any second.

    People are talking about replacing CPUs, but that’s just nonsense. Even if it was as simple as popping the back off and sticking in a new chip in there aren’t the service centres to do it, there isn’t the manufacturing capacity to produce the number of chips required i.e. even if all capacity on the planet was devoted to it that would only effectively produce enough to replace the last year’s worth of devices.

    All we can do is install the updates, and take the same precautions we always should have been really. That and be thankful we have Apple devices that are actually going to be updated rather than all the Android users who likely won’t ever get a fix because they don’t get updates as it is.

  5. Makes me want to give up on all computers and cell phones.

    And I wonder what other exploits are yet to be found?

    Wouldn’t be surprised if some of these are backdoors put in purposely to help the CIA and NSA ‘protect’ us from the bad guys…

    1. IBM provides patches for their Power7+, 8 and 9 processors. All of these processors are of course from well after Apple dumped PPC CPUs (which were Power5).

      https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

      I was able to dig up an iffy statement that Power6 CPUs did NOT yet have Speculative Execution. That would make all PPC Macs IMMUNE.

      https://forum.level1techs.com/t/list-of-cpus-most-likely-immune-to-spectre/123128

      HISTORY:
      IBM first wrote about Speculative Execution back in 1998. However, the original IBM base research was published in 1967. Oddly, IBM were late to the party integrating Speculative Execution into their own CPUs.

  6. According to the article I posted 2 days ago, The Military INTEL has been monitoring everything since 1958. Change the chips – after they have found a deeper layer to hide in – but still monitor all activities locally on the CPUs. Only then will everyone feel pseudo-safe. The 3-letter acronyms still own you.

    1. Could you please provide source information regarding your statements about military surveillance? Was it (unconstitutionally) applied to US citizens without warrants (IOW Pre-FISA?). Also, I’d enjoy reading your article if you would please provide a link. Tnx!

        1. There are lame arguments that it is. But of course we know full well that they’re nothing more than a rubber stamping process for almost any request, including approval AFTER surveillance has already been done. There are less than a handful of denials from the FISC. IOW: I agree that FISA is unconstitutional with regard to how it has been used. It’s all part of the shameful abuse of the US Constitution by those who swore an oath to uphold and defend it.

          IMHO it was the enablement of 9-11 by the US Neo-Conservatives (whom I call the Neo-Con-Jobs) that began this profound streak of corruption in MY government. They figure that if they can pull the wool over the eyes of We The People regarding what REALLY happened on 9-11 then they can pull anything. That streak of deceit toward We The People has most recently lead to our IDIOCRACY that is The Trump administration. Tell any LIE as long as its something the sheeple WANT to hear.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.