Macs are Safe against Meltdown and Spectre, Don’t Believe the Media Hype

Apple Logo

Apple Logo

Computer media outlets have nearly melted down the past few days reporting about the vulnerabilities now known as Meltdown and Spectre. There have been numerous reports and of course all the media has misquoted the original sources of this news so its time to set the story straight. These vulnerabilities exist because of the method that is used to improve CPU performance drastically, known as Speculative Execution this technique is one of our basic cornerstones and as such most if not all CPUs use the technique, which of course means that all CPUs are theoretically vulnerable to the meltdown and Spectre attacks. An attacker can take advantage of these flaws to steal privileged data which can then be used to own the system.

Vulnerability

Intel was originally blamed for this problem, being conformed to be a problem for all recent Intel X86-64 CPU chips. Intel ford back that “everyone” was vulnerable so AMD fired back that they were not vulnerable. Intel reiterated that all CPU manufacturers that used Speculative Execution should be vulnerable and that prompted AMD to respond that theater CPUs were not vulnerable in hardware but that they required a software patch to avid the problem.

Fact: All CPUs that use Speculative Execution are in fact candidates to be vulnerable. At this moment every major CPU, including Intel, AMD and ARM, are in fact vulnerable. The only CPUs that are not vulnerable are the Apple W1 CPUs in the Apple Watch. Being a new from the ground up design entirely fro Apple, the W1 has a different internal design that is more suitable for micro-devices such as the Apple Watch. At the time that these vulnerabilities were announced, Apple had already sent out a patch to defend users against these problems. Windows and Linux is still completely unpatched and are completely vulnerable.

Apple notes that macOS has a different, security oriented, internal structure so there is no know way at the moment to take advantage of these vulnerabilities. This means that Mac users were not in any danger at any time. Apple did release an update to make sure that if anyone did find a way to execute those vulnerabilities, that Macs could not be compromised at all.

Performance

Initial media reports fueled panic because the quotes being thrown around were that everyone was going to suffer a 30% across the board performance penalty. That story got downgraded to a 5% to 30% penalty. These flaws are not correctable in hardware, Intel claims that everyone will have to issue a software patch which of course will use up CPU cycles to protect against these flaws.

Fact: Apple has already patched their systems and they report that there is no noticeable performance that they could detect except in one Javascript speed test in Safari that had a very small performance slowdown. hey are working on an update for Safari to eliminate that slight slowdown. If you don’t use Javascript very heavily (most of us don’t use it at all anymore) then you won’t notice anything at all. If you do use Javascript heavily then its beloved that its unlikely that you will notice the difference.

Samsung & Droid

Samsung and all of Google’s Android operating system are vulnerable to these exploits yet we have not seen any news as to when those systems will get updated. My suggestion to those users is to see them now before their prices collapse and go buy an iPhone and iPad.

Bottom Line

If you’re a Windows or Linux user then your system is vulnerable and you’re at risk to have your system completely compromised until the patches arrive, which could take weeks. If and when the patches do arrive be prepared for massive slowdowns when your system is loaded.

If you’re a Mac, iPhone, iPad or Apple TV users then make sure that you have the latest version of the OS installed and you’re fine, don’t believe the hype, Macs are still as secure as they have always been.

Source: About speculative execution vulnerabilities in ARM based and Intel CPUs -Apple

If you would prefer to watch a video instead of reading Apple’s official statement:

Update 1

Sierra and El Capitan have also been patched by Apple (in addition to High Sierra). Make sure that you update all those systems, if you haven’t done so already.

Source: About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan

Update 2

Apple has released the promised update to Safari, to protect against Spectre (CVE-2017-5753 and CVE-2017-5715).

About the security content of Safari 11.0.2 -Apple

Update 3

As usual, all the media hype about how badly the performance hit for ALL Intel based computers was greatly exaggerated. Apple products have shown no detectable slowdowns at all but Windows users look to be in for tangible performance hits.

Microsoft Confesses Patch will Slow Windows PC’s -Patently Apple

 

Hashtags

#WeStandWithApple

#SecurityForAll

#ThinkDifferent

Blackstone’s Formulation

“It is better that ten guilty persons escape than that one innocent suffer” William Blackstone

Favorite me on AppleNews now, to stay up to date with deep insight and helpful tips.

Get more free cloud storage space now, directly from: Drop Box

Thank you for your support, Please don’t forget to visit the sponsor of my site, Amazon, it really helps me out and does not cost you a single penny extra.

Dr Bob

Dr Bob Tech Blog Privacy Policy

Leave a Reply