Meltdown, Spectre affect Mac, iOS but there are no known exploits


So while Macs and iOS devices, often hailed for being very secure, aren't immune, Apple's latest bulletin basically says stay calm and keep updated.

Apple simply distributed another help archive clarifying that iOS and macOS could be assaulted by the newfound (and exceptionally risky) Meltdown and Specter misuses.

Pointing out that the risks are likely to come from "a malicious app", Apple also advised users to download software "only from trusted sources such as the App Store".

On Wednesday, Alphabet Inc's Google and other security researchers disclosed two major chip flaws, one called Meltdown affecting only Intel Corp chips and one called Spectre affecting almost all computer chips made in the last decade.

Apple explains that Meltdown "has the the most potential to be exploited", while Spectre is "extremely difficult" to exploit. The company says that is "has developed and is rapidly issuing updates for all types of Intel-based computer systems", but it is not clear when - or whether - older devices will be treated to patches.

Apple has vowed to fix two major bugs which could leave iPads, iPhones and Mac computers vulnerable to being hacked.

A PAIR of security vulnerabilities affect virtually all Apple products but are not now affecting users, the company said. Another update is coming to protect the Safari browser from Spectre.

The tech giant added that it has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown, and the Apple Watch is not affected.

Spectre and Meltdown are serious vulnerabilities that take advantage of the speculative execution mechanism of a CPU.

"We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS", Apple said.

The vulnerabilities - which exist at a hardware level - put the onus on system creators such as Apple, Microsoft and Google to release patches at an operating system level to prevent hackers from exploiting the opportunity to steal passwords, credit card numbers and other vital details.

The circumstances that could lead to using the Spectre vulnerability might be a bit more hard to achieve but can still be done using Javascript running on a web browser.