Apple has said that all iPhones, iPads and Mac computers are vulnerable to a major security flaw that leaves the devices open to hacking.
The “Meltdown” and “Spectre” bugs, impact every device running the company’s iOS and macOS operating systems, as well as the Apple TV, the tech giant revealed overnight.
It means Apple devices are potentially vulnerable to hackers using malicious software to steal sensitive data such as passwords or private photos.
It said the first of the two bugs, Meltdown, had been partially solved by software updates released in December and that it had seen no evidence of cybercriminals exploiting the flaw. Spectre, which affects the Arm microchips that the iPhone and iPad use, is more difficult to guard against.
“Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre,” Apple said. “These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”
Apple sees the security of its computers and phones as a major advantage. Software updates tend to be issued promptly and its gadgets tend to come with greater restrictions than Android or Windows devices, which guards against hackers. Programs can only be downloaded from the App Store and must be approved by the company, for example.
Lukasz Olejnik, an independent security privacy consultant/researcher, said the biggest risk to Apple users may come through malicious websites using JavaScript, a programming language used to run online adverts and other applications.
“One of the most serious threats to ordinary users could be exploitation via JavaScript code on websites. Exploiting the vulnerability on websites seems to be the most realistic attack scenario especially for tightly-controlled ecosystems where normally apps are rarely installed and are installed only from approved sources.”
Apple said it would introduce a software update to its web browser, Safari, to guard against Spectre. “In the coming days, we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS,” it said.
Apple’s Mac computers run on Intel chips, which are affected by the Meltdown and Spectre flaws, while the iPhone and iPad run on chips designed by British company Arm Holdings, which are more vulnerable to the Spectre bug.
The software updates that help fix the bugs, iOS 11.2, MacOS 10.13.2 and tvOS 11.2, were released in December. Devices running older versions of iOS which no longer receive the upgrades, such as the iPhone 5 and 5c, and fourth-generation iPad, are more vulnerable.
Meltdown and Spectre are one of the biggest computer security vulnerabilities ever. Initially thought to merely affect PCs running Intel chips, it has since emerged that they affect mobile phones and other devices too.
They exploit a feature designed to speed up computer processors, and it is feared the fix can slow down computers, but the Apple software updates do not appear to have significantly slowed down the devices.
Security researchers first discovered the bugs last year but they have only just emerged since technology companies were given time to patch the problem.
First seen here.
The post All iPhones, iPads and Mac computers are affected by microchip flaw that leaves devices vulnerable to hackers, Apple says appeared first on MojoMedia.Pro.
source https://www.mojomedia.pro/iphones-ipads-mac-computers-affected-microchip-flaw-leaves-devices-vulnerable-hackers-apple-says/
No comments:
Post a Comment