Apple has issued their first public statement regarding the design flaw present in nearly all computers and mobile devices.
The comment comes in the form of a support document giving details in which devices are affected, what the vulnerabilities are, what they’ve done so far, and how you can protect yourself.
Apple has clarified that all iOS and macOS devices are affected (including Apple TV). Apple Watch is not effected by Meltdown.
While that is a significant number of devices to be vulnerable, Apple says users should not worry. Currently, there are no known exploits, and they are very difficult to take advantage of.
They say that the issues can only be exploited when a malicious app is installed on your machine. To help protect yourself, Apple says to be sure to only download apps and software from trusted sources, (such as the App Store).
They’ve also confirmed recent patches that came out in iOS 11.2, macOS 10.13.2, and tvOS 11.2. These patches were aimed to address the Meltdown vulnerability and a new update for Safari will be out in the next couple days to address Spectre.
We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.
Apple also attempted to quell fears of performance hits that were expected after the patch. They say they’ve run tests after the patch and saw no detrimental performance.
Between the two vulnerabilities, Apple says Meltdown “has the the most potential to be exploited,” while Spectre is “extremely difficult” to exploit.
Spectre
Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.
If you would like to learn more about the exploits, or Apple’s response, you can read the full support document on Apple’s website.