Published: Mon, January 08, 2018
Hi-Tech | By Ellis Neal

Apple says its product chips flawed


The issues - Spectre and Meltdown - are flaws in computer chips which could, in theory, allow hackers to steal data from affected systems. The company already released mitigations against Meltdown in its most recent versions of iPhone, iPad, Mac, and Apple TV software.

While there are no known exploits for Spectre on iOS devices, Apple recommends users avoid malicious apps by only downloading software from trusted sources such as the App Store.

Researchers at Google's Project Zero, academic institutions and private companies published their findings on the vulnerabilities Wednesday. Experts are agreeing that wholesale hardware replacement, which could take years, is not considered necessary and that security patches would be sufficient to seal the flaws and secure the devices.

The more pervasive flaw of the two, dubbed Spectre, leaves the world's supply of microprocessors potentially vulnerable to attack, the researchers said.

It has said that it was "proactively contacted" by Intel over the issue and that it is waiting to see "what steps Intel proposes to take as we receive the information".

The company has said that it will release a patch to protect its browser, Safari, against Spectre. "They will improve on it".

Shares in Intel, the world's biggest maker of the computer processing units that are affected, fell by as much as 5pc last week after the bugs emerged. Before the problems became public, Google on its blog said Intel and others planned to disclose the issues on January 9. "Intel is committed to responsible disclosure".

All Intel processors are vulnerable by default, with patches being released for PC operating systems and firmware by Microsoft and other major tech vendors to reduce the risk.

Intel also played down concerns about slowed performance due to the updates, noting that for the "average computer user", the impact should not be significant and will lessen over time. Linley Gwennap of The Linley Group, which tracks the chip industry, thinks the security flaws could affect about 500m of them.

"Meltdown 'and 'Spectre" are two bugs that *could* be used to attack your devices - phones, tablets or computers. In the coming days we plan to release mitigations in Safari to help defend against Spectre.

A spokeswoman for Samsung said "for Samsung's Android based mobile devices with the latest security update, the exploit is effectively mitigated".

Google said its Android phones were protected if users had the latest security updates. "Internet of things (IoT) devices are also susceptible as they run the same type of processors, and people are less likely to update these accordingly the same way they would their personal or work computers". The good news is there is no bad news yet about hackers having exploited the processor flaws thus far. But AMD jumped more than 5 percent following the publication of the security flaws, to close at $12.12 a share.

Most of the immediate fixes will be limited to the Meltdown bug.

Like this: