Meltdown and Specter - Everything you need to know for Mac and iOS users

Since the beginning of the year, there have been reports of security gaps in the Apple operating systems iOS and macOS. The two terms Meltdown and Specter are often mentioned because they stand for the individual weak points. This affects chips from Intel, AMD and ARM, whose idle processor resources (speculative execution) offer a point of attack that enables data and files to be read out. Apple is already familiar with Meltdown and Specter; Corresponding update and patch solutions are currently on the way.

Meltdown and Specter are security flaws in CPU chipsets from Intel, AMD and ARM, which theoretically allow third-party access to sensitive data, passwords and files on Apple Mac (macOS) and iPhone (iOS). Here you can find information and tips on the topic.

Meltdown and Specter are security flaws in CPU chipsets from Intel, AMD and ARM, which theoretically allow third-party access to sensitive data, passwords and files on Apple Mac (macOS) and iPhone (iOS). Here you can find information and tips on the topic.

Meltdown and Specter - what is it?

Meltdown is a security vulnerability that is believed to only affect Intel processors. It is intended to "melt down" security restrictions that are normally provided by the hardware. Specter is a similar security hole that affects AMD and ARM processors in addition to Intel - the problem arises from the way in which the speculative execution is handled, i.e. the idle processor resources that calculate the program flow in advance in order to make possible actions faster to be able to realize.

How did the vulnerabilities come to light?

Apparently, Meltdown and Specter were brought to light by three independent bodies: Google Project Zero, Cyberus Technology and the Technical University of Graz or individual researchers from the three bodies. It was found that the speculative execution processes described above make it possible to access actually protected content such as passwords, encryption data, other sensitive information and apps. As a test, access was also implemented in or between virtual and physical machines. Have more info and details Google and its Project Zero.

Recommended reading: With backups against ransomware

First patches and updates rolled out on January 8, 2018

Among other things, the Apple WebKit, which enables web applications in Safari, is affected by the security gaps. For example, if Java scripts (JavaScript) or WebAssembly code are executed, then this is the case. A possible attacker then has the opportunity to access the kernel and kernel information. Details are available on the website WebKit.org, where it is also stated that patches with weakening of the security vulnerability have already been rolled out for these computer and mobile systems:

  • iOS 11.2.2
  • macOS 10.13.2 (Here as a supplemental update to the one from mid-December 2017. You can see whether it is installed if your Safari has the version number 13604.4.7.1.6 or 13604.4.7.10.6)
  • Safari 11.0.2 for El Capitan (macOS 10.11) and Sierra (macOS 10.12)
  • TvOS 11.2

Overview: The latest Apple security updates

All security updates with release date, availability and a link to further information can also be found in the Apple support document HT201222. There is information here not only for systems such as iOS, macOS, tvOS and watchOS, but also with regard to programs and services such as Safari, iTunes and iCloud. This also applies to individuals App-Versions for Windows and Android.

Windows and Linux are also affected

The Central Processing Units (CPU) from Intel, AMD and ARM are of course not only installed in Apple's Mac, iPhone or iPad, but also in computers, notebooks and similar devices with Windows and Linux as the operating system. Microsoft has been responding to the security vulnerabilities with patches for Windows 4, 2018 and 10 since January 8.1, 7 Z for you. The English-language specialist magazine also offers a comprehensive article for Apple users in the form of a Meltdown and Specter FAQ iMore.

What can I do as a user?

What can I do as a user and how can I protect myself against Meltdown and Specter on iPhone, iPad, iPod, Mac, iMac MacBook and a PC with Windows or Linux? This is the question that some of you who have heard of the CPU vulnerabilities may ask yourself. In addition to general information that applies to every security leak, there are also specific information here:

  • Always installs the latest updates and patches (it is best to activate automatic installation)
  • If in doubt, compare your system and program versions with the information provided by the manufacturer (Apple, Microsoft, etc.)
  • Don't panic - Meltdown and Specter are omnipresent due to the CPU nature of the matter, but not necessarily omnipotent. If you want to be on the safe side, do not save sensitive data and passwords on Mac, iPhone and Co.
-

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

Leave a Comment

Your e-mail address will not be published.