Recently, there were reports of certain vulnerabilities calledĀ Meltdown and Spectre and the latter can affectĀ ARM processors which are found on some iOS and Android smartphones. Android’s January security patch will come with a fix for this issue so that passwords saved in a browser cannot be stolen anonymously. Today, Apple said thatĀ Macs andĀ iOSĀ devices are exposed to these issues. Nevertheless, efforts are already been made to tackle the situation. An update is on its way to protect theĀ Safari browser from Spectre. However, watchOS is safe thus Apple watches are not affected.Ā Ā AppleĀ says that this update can slow the browser, but by no more than 2.5%.
The company said
Gizchina News of the week
“The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at onceāpossibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.Ā The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memoryāincluding that of the kernelāfrom a less-privileged user process such as a malicious app running on a device.”
As of now, there are no reports of users being affected by these vulnerabilities. According to Apple, it will take aĀ maliciousĀ appĀ to trigger Meltdown or Spectre thus users are advised to ensure that all apps are downloaded from aĀ trusted source such asĀ AppĀ Store.
