The recent reveal of two unprecedented security flaws has caused a number of computing companies to quickly react.
Meltdown and Spectre, the recently revealed security flaws which affect microprocessors in “virtually all” modern computers, can conceivably allow hackers to “steal the entire memory contents” of those computers. But major companies are issuing updates that hope to stop problems before they start.
Intel’s chips are affected by both flaws — and are specifically affected by Meltdown — and the company has already been issuing updates. In a press release, Intel claims that it “has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years.”
An earlier Intel release included findings from Apple, Microsoft, Amazon, and Google, with all noting that security patches have not affected real world computing performance drastically, as was a concern.
Speaking of Apple, the company has issued its own support document about the security flaws, and it’s drawn a lot of attention, as Apple acknowledges that “all Mac systems and iOS devices are affected.”
This certainly isn’t unique to Apple systems and devices, however, so Apple-specific criticism surrounding these flaws is short-sighted and unwarranted. Apple notes that many exploits come from downloading malicious apps, so — as is standard with Apple products, anyway — Apple recommends only downloading apps from its official App Store.
As for the company’s plans moving forward, the document notes that “Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre.”
Also, an in-depth post from Google on the company’s security blog mentions a novel mitigation technique the company developed to ward off “branch target injection” attacks. The technique, called Retpoline, has been shared with Google’s industry partners.
Early results in mitigating these flaws seem to be promising, but it’s too soon to tell how things may turn out in the long term.