After more than a day of silence, Apple confirmed Thursday that the Mac, iPhone and iPad are all affected by the recently disclosed massive chip vulnerability.
Why it matters: Although the vulnerabilities are at the hardware level, most of the mitigations are being done at the operating system level, putting the onus on companies like Apple, Microsoft and Google. Microsoft and Google have already released and detailed patches for Windows, Chrome OS and Android.
Apple said there are no known exploits for the vulnerabilities and said the iOS and MacOS updates “resulted in no measurable reduction in the performance of macOS and iOS” as measured by various benchmark tests.
The current updates to MacOS and iOS protect against Meltdown, but Apple said it will look to incorporate better protections against Spectre-type attacks in future updates to those operating systems.
The bigger immediate threat from Spectre, Apple said, is in the Safari browser. “Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser,” Apple said. “Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.”
Apple said its current testing shows little impact on most benchmarks with a 2.5% impact on one test, known as JetStream. “We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.”
