All iPhones, iPads and Mac computers are affected by microchip flaw that leaves devices vulnerable to hackers, Apple says

0

Apple has said that all iPhones, iPads and Mac computers are vulnerable to a major security flaw that leaves the devices open to hacking.

The “Meltdown” and “Spectre” bugs, which were disclosed earlier this week, impact every device running the company’s iOS and macOS operating systems, as well as the Apple TV, the tech giant revealed overnight.

It means Apple devices are potentially vulnerable to hackers using malicious software to steal sensitive data such as passwords or private photos.

It said the first of the two bugs, Meltdown, had been partially solved by software updates released in December and that it had seen no evidence of cybercriminals exploiting the flaw. Spectre, which affects the Arm microchips that the iPhone and iPad use, is more difficult to guard against.

“Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre,” Apple said. “These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”

Apple sees the security of its computers and phones as a major advantage. Software updates tend to be issued promptly and its gadgets tend to come with greater restrictions than Android or Windows devices, which guards against hackers. Programs can only be downloaded through the App Store, and must be approved by the company, for example.

Lukasz Olejnik, an independent security and privacy consultant and researcher, said the biggest risk to Apple users may come through malicious websites using JavaScript, a programming language used to run online adverts and other applications.

“One of the most serious threats to ordinary users could be exploitation via JavaScript code on websites. Exploiting the vulnerability on websites seems to be the most realistic attack scenario especially for tightly-controlled ecosystems where normally apps are rarely installed, and are installed only from approved sources.”

What do you think?