Apple has finally released an official statement on the status of the company's mitigations for the recently disclosed Meltdown and Spectre vulnerabilities.
Without mincing words, the Cupertino-based company says that "all Mac systems and iOS devices are affected" by the two vulnerabilities.
Below is a summary of Apple's statement regarding the two flaws that affect the vast majority of processors released in the past two decades.
Apple says that mitigations against the Meltdown flaw, currently known to affect only devices using Intel CPUs, have been quietly deployed in iOS 11.2, macOS 10.13.2, and tvOS 11.2.
Apple Watch is not affected by the Meltdown flaw, the company said.
Intel's PR department has been trying its best to dispel rumors that Meltdown patches cause performance dips for its CPUs. According to Apple's engineers, there was "no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6."
No Apple product has patches to protect against the Spectre flaws, but the company promised updates for iOS, macOS, tvOS, and watchOS.
Nonetheless, the first product to receive Spectre patches will be Safari, on both macOS and iOS. The update is expected in the coming days.
Google engineers, who discovered Meltdown and Spectre, described the two attacks as follows:
Google says it chose the Meltdown name to describe the attack because "the bug basically melts security boundaries which are normally enforced by the hardware."
"The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time," Google says of the Spectre name. "Spectre is harder to exploit than Meltdown, but it is also harder to mitigate," which is why Apple has yet to release patches, and why Spectre patches on Windows require additional motherboard/CPU firmware updates. Spectre is known to affect CPUs from Intel, AMD, and ARM.
For a list of updates and security advisories regarding the Meltdown and Spectre bugs, Bleeping Computer has a separate article here.