Apple Confirms Fixes for Major CPU Vulnerability, More on the Way
Apple has confirmed that a pair of critical security vulnerabilities uncovered by security researchers late in 2017, and now filtering out into media reports, does affect “all Mac systems and iOS devices.” These bugs, dubbed Meltdown and Spectre, affect the clear majority of computers and a vast number of mobile devices, regardless of make, model, or manufacturer. Though tricky to exploit, these bugs could allow an attacker untraceable access to a wide variety of user data.
By exploiting a weakness in an advanced function within the processor, Meltdown allows attackers to fool the CPU into exposing the contents of kernel memory. Typically, this information is held under digital lock and key, completely hidden from prying eyes. Spectre is a sophisticated method for defeating sandboxing efforts and accessing information flowing from other apps. So far, no known attacks with these methods have occurred.
Because the researchers who uncovered these flaws reported their findings privately, fixes have already been implemented for Meltdown on Apple devices. Secured versions include iOS 11.2 and macOS 10.13.2. Apple says fixes for Spectre are forthcoming as they continue to work towards a permanent solution.
You can find additional details at MacRumors.