Source: https://www.csoonline.com/article/3245770/security/spectre-and-meltdown-what-you-need-to-know-going-forward.html
Apple confirmed that its products are vulnerable to Spectre and Meltdown security issues. These issues affect nearly all operating systems and computers, including Apple’s. Despite that, there are no reports about the exploits affecting Apple users at this time. For that reason, the company recommends downloading apps from trusted sources, like the App Store.
What are Spectre and Meltdown?
“The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.” – Apple
Both issues use speculative execution in accessing privileged memory. Apple stated that all of its devices are susceptible to the bugs but not Apple Watch.
Even though there are no Apple devices reported to have been affected by these issues, there are things that you can do to protect your Apple device against these vulnerabilities.
Update the software
The company released updates for its software to defend against Meltdown bug. It released updates for iOS 11.2, tvOS 11.2 and macOS 10.13.2. But it didn’t confirm its plans on securing older systems.
Furthermore, it released mitigations in Safari on Sierra and El Capitan to fight against Spectre. It’s vital that you update your OS and application software. It’s also likely that it’ll introduce a succession of app and system updates as it finds a way on how to stop the exploit.
Avoid jailbreak
Having a jailbroken iPhone or Apple device is fun. You can have full control over your device. But that power also makes your device vulnerable to malware. It’s especially true when the vulnerabilities occur at a processor level.
Opt to download apps from the App Store
The issues require a malicious app to be downloaded to your Mac or iOS device. Thus, you should only download software from trusted sources. Although it’s a good advice, App Store discovered some apps that distribute malware. These moments are rare, however. The reason for this is that the company does a great job in securing its device.
Download Safari updates
With Spectre, it’s easy to exploit JavaScript’s weakness in a web browser. That’s why the company released an update for its Safari for Macs and iOS devices to mitigate those exploit techniques.
Use only Safari
Mac and iOS users should use Safari for now and avoid Chrome, Internet Explorer and Firefox. At present, these browsers can’t protect iOS users against Spectre. However, they promised to release security updates.
Never use questionable apps
You must always be vigilant when downloading apps on your Mac or iOS. These new exploits need to be downloaded and installed on your system. Thus, never install or use apps that you don’t trust. In other words, don’t use apps from outside of the App Store.
Avoid clicking links from people you don’t know
It’s old advice, but it’s still effective. Don’t click the links from individuals you don’t know. Even though no known exploits reported yet, hackers are still developing malware that can exploit these flaws.
Then, make sure to monitor your bank accounts for any unauthorized access.
The cloud services are also affected. Amazon, Microsoft, and Google issued documents that explained the protections they’ve added to their services
Apple’s updates will protect its devices against those security issues. The good thing is that they won’t impact system performance. However, you may experience a slower Safari performance.
For Windows users, it might be time for them to ditch Windows XP and opt to buy new tech.
Make sure also that older systems should be quarantined from your networks. Conduct a systems audit to find any issues that could negatively affect your confidential data.
The challenges don’t only exist in modern systems but also in older techs. That’s because millions of old systems are still in use. Keep in mind that hackers are creating exploits that can attack less secure devices.
