What you should know about Spectre and Meltdown

What you need to know about Spectre and Meltdown:

You’ve read the news and seen the reports – Spectre and Meltdown are indeed a thing.

Security researchers recently uncovered security issues known by two names, “Meltdown” and “Spectre“.

The Meltdown and Spectre issues take advantage of a modern CPU performance feature which is

UPDATE: In a statement on its website, Apple said all Mac and iOS devices are affected by both Meltdown and Spectre. But the most recent operating system updates for Mac computers, Apple TVs, iPhones and iPads protect users against the Meltdown attack and do not slow down the devices, it added, and Meltdown does not affect the Apple Watch.

The Meltdown technique can enable a user process to read kernel memory.

Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. 

We therefore advise to disable Javascript where possible to avoid any risk of issues.

As we mentioned above Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation.

Spectre and Meltdown

Spectre is a name covering two techniques which potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.

Spectre and Meltdown: Our best advice is to get your Mac upgraded to the very latest operating system “Mac OS High Sierra” and this is best done by experts who can advise you on the best possible approach including data optimisation, adding extra memory and installing an SSD.

Need help or further advice? Come to the experts, we’re always willing to offer independent and trusted advice.

Team @ MacEmergency

4th January 2018

[adl-post-slider id=3053]