If You Have These Apple Devices, You May Be At New Risk From Terrifying "Meltdown" & "Spectre" Bugs
If you're a frequent user of technology, chances are you've been a bit anxious about all of the news surrounding the "chip flaw" leaving billions of Apple devices vulnerable to security threats. Usually when I hear about news like this, I calmly wait to hear that my own devices have not and will not be affected. Unfortunately, as an Apple user, that's not the case this time around. There are a number of Apple devices at risk from the "Meltdown" and "Spectre" bugs. Here's what you need to know to protect yourself from hackers.
On Thursday, Jan. 4, Apple released a statement confirming their customers' worst fears: Spectre and Meltdown, two security issues recently uncovered by security researchers, are affecting Apple devices. An excerpt from the statement reads, "All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time."
Basically, if you use Apple products such as an iPhone, Mac, or an iPad, you are at risk — but no users have reported any security problems as of the release of the statement. That being said, there are a few things you need to know to quell your panic and keep your devices secure.
The first thing you should know is that Apple is already taking steps to help users keep their devices secure. The company has released mitigations in software updates to help defend against both Meltdown and Spectre, so update your devices' software as these updates become available. Additionally, Apple recommends only downloading software from trusted sources (aka the App Store). If you've been thinking about buying a new Apple device, that wouldn't hurt, either, as older devices are more vulnerable to these security risks.
Now you know how to protect your Apple devices, but what exactly are you protecting them from? Essentially, any modern processor contains a new feature called "speculative execution." The feature, when used appropriately, is supposed to improve your device's speed and increase its performance. But when used maliciously, researchers have discovered that the feature can exploit memory access by outside users (read: hackers) as the devices queue up information. Researchers have uncovered two ways that speculative execution can be abused.
Meltdown
Meltdown is an internal bug that allows hackers to read already-loaded memory details. Essentially, Meltdown gives hackers access to your personal data, including passwords, emails, documents, photos, and beyond. If your device falls victim to Meltdown, its memory can be accessed from any targeted cloud-based machine. This is the security breach that Apple has already released mitigations to defend against. These mitigations can be found in iOS 11.2, macOS 10.13.2, and tvOS 11.2. (Note: Apple Watch is not being affected by Meltdown at this time.) Meltdown is easier to exploit, which is probably why Apple released mitigations for it first.
Spectre
Spectre is a bit more difficult to exploit, but it can be done, and the outcome is scary. According to Apple, Spectre makes your personal information readily available by "taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call." According to TechCrunch, Meltdown messes with protective security measures, while Spectre actually accesses the protected information. Spectre is more difficult to exploit within your device, but can potentially be exploited via JavaScript running in a web browser. To combat this, Apple will release an update to Safari in the coming days, and will continue to handle the issue through upcoming updates of iOS, macOS, tvOS, and watchOS.
There's no need to panic yet, but you don't want to be too lax, either. Remember to keep an eye out for software updates from Apple, as well as any other news about Meltdown and Spectre.
Check out the entire Gen Why series and other videos on Facebook and the Bustle app across Apple TV, Roku, and Amazon Fire TV.
