Recently, there were reports of certain vulnerabilities called Meltdown and Spectre and the latter can affect ARM processors which are found on some iOS and Android smartphones. Android’s January security patch will come with a fix for this issue so that passwords saved in a browser cannot be stolen anonymously. Today, Apple said that Macs and iOS devices are exposed to these issues. Nevertheless, efforts are already been made to tackle the situation. An update is on its way to protect the Safari browser from Spectre. However, watchOS is safe thus Apple watches are not affected. Apple says that this update can slow the browser, but by no more than 2.5%.
The company said
“The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software. The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.”
As of now, there are no reports of users being affected by these vulnerabilities. According to Apple, it will take a malicious app to trigger Meltdown or Spectre thus users are advised to ensure that all apps are downloaded from a trusted source such as App Store.