This time, there was not much waiting: the day after the discovery of vulnerabilities in all the main processor families on the market, the Apple published a long support document to describe their impacts to its users.
In addition, it tried to describe the actions taken on their products and, as expected, much of the work on correcting their platforms has already been carried out – not least because these companies were aware of the loopholes a few months ago, well before they became public.
A5, used to equip the iPhone 4s and iPad 2, is one of many processors manufactured by Apple that are affected.The ads came after the ARM disseminate its safety report on the topic, with instructions for patches to be carried out by the respective manufacturers. In it, it indicates that only Apple CPUs developed under the Cortex A8, Cortex A9 and Cortex A15 architectures are affected, which led to sites like the 9to5Mac to report that only a few iOS gadgets would be affected.
Apple’s statement, however, was more comprehensive: the company confirmed the worst case, stating that all Macs and iOS devices are affected without exceptions. According to your support document:
Security researchers recently discovered security issues known by two names, Meltdown and Specter. They apply to all modern processors and affect almost all devices and operating systems. All iOS devices and Mac systems are affected, but there are no known exploits impacting customers at this time. Since exploiting these flaws requires a malicious application to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources, such as the App Store. Apple has released patches on iOS 11.2, macOS 10.13.2 and tvOS 11.2 to help defend users against the vulnerability Meltdown. The Apple Watch is not affected by it. In the coming days, we plan to release patches in Safari to help defend users against the vulnerability Specter. We continue to develop and test new defenses for these vulnerabilities and will release them in the next updates to iOS, macOS, tvOS and watchOS.
In order to avoid another imbroglio involving performance issues of its products, Apple informed in that same document that the corrections implemented in its last wave of updates were tested through benchmarks run on Macs, iPhones and iPads, both Geekbench 4 and other JavaScript-specific ones, including Speedometer, JetStream and ARES-6. However, in the latter case, Safari still requires other immediate adjustments against the vulnerability Specter to mitigate risks; the company’s preliminary tests indicate that the loss in website performance will not exceed 2.5% of the current numbers.
According to Apple, these adjustments will be incorporated into more updates for all its platforms, containing fixes for Safari and others related to the vulnerability Specter. No deadline was given in the document, but the company promised them “for the next few days”, showing little fanfare and surprise at a situation that was already well mapped.
Intel advances in the subject and promises fixes for up to 90% of PCs
Who also detailed his actions better on the flaws discovered yesterday was the Intel. Although Macs are well covered by Apple, the main processor manufacturer for the PC market has been severely criticized by the media, not least because initial reports put it as the only one affected by these problems.
According to the new statement, most of its models launched in the last five years already have patches for distribution, including firmware updates for many device and computer manufacturers. The level of coverage provided is “Greater than 90%”.
However, it concerns the possibility that impacts on the performance of PCs and other devices will be felt for a long time. The biggest complaints come from administrators of Linux environments, but most manufacturers still need to position themselves on the patches published by Intel and ARM, fueling speculation about similar problems in certain product models and other platforms.
Update Jan 5, 2018 at 20:30
The Apple support document was updated today to communicate that Apple Watch is not affected so much for the vulnerability Meltdownwhen when Specter. However, macOS, iOS and tvOS are expected to receive updates in the coming days.
