Meltdown and Spectre chip vulnerabilities – what you need to know

Last week, Apple issued a statement confirming that all Mac and iOS devices were affected by both the Meltdown and Spectre chip flaws. What does that mean for the security of your business if you're Mac users?

By jennie
08.01.18 / News, Security


Following on from the Iamroot issue at the end of last year, news of a flaw in some chips used across the majority of Apple devices is an unwelcome start to the new year. It means that Macs, iPhones and iPads are vulnerable to Spectre attacks through code that can run via web browsers. Apple is planning to release a patch to Safari in the next few days, so we’ll be updating this post when we know more.

There’s some good news, as the most recent OS updates (iOS 11.2, macOS 10.13.2, and tvOS 11.2) will protect users against Meltdown, so if you haven’t already upgraded, it’s worth doing so as soon as possible.

What are the issues?

In summary, Spectre and Meltdown are vulnerabilities through which an attacker could exploit the speculative execution mechanism of the processor in a device or computer. Meltdown allows a malicious program to read kernel memory (the memory reserved for the core of the operating system), which would allow unauthorised access to passwords, documents, photos etc. Meanwhile, Spectre breaks the isolation between different applications. Although Apple has said that the Spectre vulnerability is difficult to exploit, this could be achieved via JavaScript in a web browser.

There’s more information about the vulnerabilities in Apple’s support document.

Protecting your business

Whilst we wait for more updates from Apple, there have as yet been no known exploits affecting users. In the meantime, the main thing you can do to protect your business continues to be ensuring that you and your team are vigilant about cybercrime. Ensure your staff understand what to watch out for; there are some useful tips and information in our blog post about cybercrime last year.

Be aware of emails pretending to be from your credit card provider, bank, or HMRC, and of anything that looks like an internal email asking for online payments to be made or for your business bank details. Overall, it’s best to avoid clicking on any links in an email that you think looks suspicious, and that includes downloading files from an unknown source.

Be aware that some software is incompatible with High Sierra, such as FileMaker 12 and Office 2011. So if you’re using these applications you’re not going to want to upgrade. Similarly, if you are using a much older Mac, you won’t be able to upgrade.

We have already contacted our current clients about this issue and will be supporting them through any upgrades. And we’ll update this post when we hear more from Apple.
