LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
NEWSCAST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

Apple: Mac And iOS Vulnerable To Meltdown And Spectre Flaws

The iOS 11 control center is displayed on the iPhone 8 Plus in New York in September. Apple says its iOS devices are among those affected by the Meltdown vulnerability.

If you thought your MacBook or iPhone would be immune to the Meltdown and Spectre microprocessor flaws acknowledged earlier this week by Intel, you would be wrong.

The problems found in the chips could allow hackers to get access to passwords and other sensitive data stored on personal computers.

In a statement, released by Apple on Thursday, the company announced, "All Mac systems and iOS devices are affected."

The good news is that "there are no known exploits impacting customers at this time" and that a change could come soon, according to Apple. The company says it has "already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre."

Even so, as Devin Coldewey reports for TechCrunch: "If you're wondering why people keep saying, 'mitigate' instead of 'fix' or 'counteract' or something, it's because Meltdown and Spectre take advantage of computing practices so basic that avoiding them is extremely difficult and complex. And new variants of attacks may very well circumvent the protections companies have put together during the last few months during which the exploits were kept secret. The mitigations and patches will probably multiply."

We wrote earlier that security researchers at Google and elsewhere discovered vulnerabilities in chips made by Intel, AMD, ARM Holdings and other companies. Intel said it was working to "develop an industry-wide approach to resolve [the] issue promptly."

As NPR's Laura Sydell reported for All Things Considered, "When you install a program on your computer, there's generally a wall between it and other programs. But the security flaws, which were built into the chips from Intel, Advanced Micro Devices and ARM, allow one program to spy on another."

Moritz Lipp of Austria's Graz University of Technology is one of the researchers who found the flaw. He tells Sydell that the problem is found on millions of computers, as well as on smartphones and in loud storage provided by companies such as Google, Amazon Web Services, Apple and Microsoft. While a software patch might mitigate the problem, it is really a hardware issue.

"If you have an issue in hardware, it's not very easy to just change the hardware because you already sold millions of CPUs. And you just can't call them back and change them," Lipp says.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
96.1 FM K241AR Lawrence (KPR2)
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)
contact@kansaspublicradio.org