This morning when you woke up and instinctively grappled for your iPhone like a baby reaching out for the comfort of its mother’s finger, you probably saw an alarming piece of news.
All iPhones, iPads and Macs are currently affected by two major flaws in the computer chips Apple uses.
These flaws – named Meltdown and Spectre – could allow hackers to steal your sensitive data. As far as the security flaws go, they’re big ‘uns, but Apple is assuring consumers that there is no evidence these vulnerabilities have been exploited yet.
Which is all very well and good, but what does this mean for YOU? Is it Freak Out O’clock?
Are only Apple devices affected?
The Meltdown and Spectre flaws are found within computer processors – basically the main chip in a computer. They have been found in chips made by Intel and ARM and the industry has been aware of the issue for a while, but Apple specifically has hit the headlines today because it wrote a blog explaining the issue and declared “All Mac systems and iOS devices are affected”. In reality, nearly all computers worldwide are affected.
However Apple Watch isn’t affected by Meltdown, which is nice for… some of you guys, somewhere out there, we guess.
OK, but what exactly are Meltdown and Spectre, apart from names for an up-and-coming YA series about an ordinary girl with the weight of the world on her shoulders?
If you boil it down, add some salt, and then boil it down again, these flaws in essence allow hackers to read sensitive information from your computer’s memory – meaning they could access your passwords, card details, and even key strokes (the keyboard keys you’ve been pressing and the order you’ve been pressing ‘em in).
The two flaws are of course endlessly more complicated than this in practice, and can be exploited in different ways, with Spectre being the most difficult for hackers to take advantage off. Daniel Miessler, a security professional from San Francisco, has written a handy explanation of the precise differences between Meltdown and Spectre.
Yeah, I didn’t really want to know all that. What I really want to know is WHAT DO I DO?
Apple has advised that you only download software from trusted sources, so if you’re on your iPhone, for example, don’t downloading anything that’s not from the App Store. Apple have also released patches to protect users, so it’s important to update your devices so they’re running the latest iOS (iOS 11.2) by going to Settings > General > Software Update and latest macOS (High Sierra 10.13.2) here.
The National Cyber Security Centre (NCSC) has released guidance clarifying that the flaws are also exploitable from web browsers, so they advise to “take care when executing any untrusted code, including JavaScript on web pages”.
And what is Apple doing to fix this? I WAS TOLD BY APPLE CAREEEE!!
In its blog post, Apple says it has released “mitigations” to defend against Meltdown, and are releasing those against Spectre in the next few days.
I’m still not sure if I need to freak out…
Listen, this is a big deal – and now it has been publicised in such a large way, there are potentially more opportunities for people to start exploiting it. Still, the NCSC says the vulnerabilities haven’t been exploited yet.
All that big-deal-oh-shit-oh-shit stuff aside, there’s nothing you can do about this so you may as well calm down (no offence, my friend, your talents are many and varied in other areas). So that said, UPDATE THE SOFTWARE ON YOUR DEVICES RIGHT NOW, and go for some damn lunch.
Content from our partners
Related
