Meltdown and spectre are the new freaks in T-town. Technology town. Sorry, I feel hippie today. There are chances you might have heard of them. Its a very general flaw that is affecting almost everybody. And I will create a general informative post about that. But since I am feeling appley and hippie today. Let’s talk specifically over the impact of meltdown and spectre on apple devices.
Meltdown and Spectre : Whats, Whys and Hows !!
So what in the name of holy silicon are these ?.
In essence there are three potential security threats that you apple devices maybe subjected to.
One named meltdown and two named spectre.
If you have wondered how are CPUs getting so fast with each passing day.
Well, part of that magic is what is called Speculative Evaluation/Execution.
Basically modern CPUs are future tellers. Within limits of possible error they are capable of predicting what next operations are going to be.
Once they do that they will go to the extent of executing them ahead of time.
If the operation is correctly predicted, CPU has already done the hard work thereby reducing the processing time. If the future predictions comes out wrong, the ‘speculative execution‘ is removed.
Needless to say, all of this is fast as anything and almost invisible to software and OS.
So, these potential threats called meltdown and spectre allow hackers to read and access this information in the OS kernel memory by taking advantage of delay in its rollback.
Damn that’s genius on the hackers side, isn’t it.
I mean yeah its unethical and wrong on so many levels. But holy silicon that’s genius.
What devices are going to receive the impact ?
Well, almost all of them.
If you have the grandpa time devices like PowerMac G5 or iPhone 3GS you are probably okay.
But all modern Macs and iOS are likely to be affected.
Although in a strict sense meltdown affects intel based PCs, iOS devices are not untouched.
Spectre on the other hand strikes all iOS, macOS and tvOS.
Apple’s approach to fixing this ?
I want you to understand this isn’t a software or surface issue. These vulnerabilities arise out of flaws directly laid onto the chip or CPU foundation.
The best anyone can really do is just mitigating the risks involved.
Apple already released macOS 10.13.2, iOS 11.2 and tvOS 11.2 with mitigations to lessen the risk.
Additionally, appropriate updates are being released for Safari and Webkit.
More mitigations are on the way as per apple.
Meltdown Spectre Impact on older OS and your phone?
If you have any device that holds a relatively newer operating system, the best thing that you can do is update.
As far as older OSes are concerned, its not completely clear what will be the steps will be.
Presumably their will be security updates however if you have very old phones for which OSes are not supported there isn’t much choice guys.
Hold on tight.
As far as performance go, apple assures that after the thorough testing of devices following the update,“no measurable reduction in the performance of macOS and
iOS”.
How to protect meltdown spectre apple devices from impacts ?
The best and the obvious answer in this case is to just update the device.
If we talk real here there is no fix really.
The only thing that is a probable solution is to make the vulnerabilities harder to access or pull off.
Apple has eliminated many early bugs and the latest versions are running smoothly.
So if you haven’t done it yet update your Mac and iOS device to High Sierra and iOS 11 respectively.
Updates for safari, firefox and chrome to protect your device from the spectre flaw are also on roll out.
Don’t download anything shady and stay vigilant
Try and download apps from the respective markets and avoid downloading from untrusted sources.
I know what you are thinking.
Don’t do that.
Hackers use certain vulnerabilities to get into your system. Firewalls do their job. But I want you to understand the biggest firewall is you.
No, not your anti-virus. Anti-viruses in 21st century should looked as assistants.
Not like Oh Lord, you are thy savior. Bless thy system and show thy wrath of vulnerabilities thee. And stuff like that.
Be conscious, be cautious. Try not to click shady websites and you should be good.
Have you experienced any weird performance changes in your phone lately ?.
And what do you think of the increasing vulnerabilities our devices seem to be subjects of.
What possible steps are you taking towards that ?
Love to hear from ya !!
Chao for now.
See you in the next one.
Namaskaram _/\_ 🙂