The firm says there are no known exploits against users

Jan 5, 2018 05:18 GMT  ·  By

Apple has finally confirmed what we reported a few hours ago based on an ARM support document: all iPhone models are vulnerable to the Meltdown and Spectre bugs.

Even though iPhones are powered by Apple’s own A-series chips, they are based on ARM technology. In addition to Intel and AMD, ARM is also affected by Meltdown and Spectre security flaws, hence Apple’s devices being impacted as well.

Apple says in a long advisory that absolutely all Mac and iOS devices are exposed, but says that it’s not aware of any exploits that might be targeting its users.

“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store,” Apple says.

Users already protected against Meltdown

In addition, the company says iOS 11.2, macOS 10.13.2, and tvOS 11.2 are all protected against Meltdown, and promises to ship an update to address the Spectre vulnerabilities as soon as possible.

“In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS,” Apple says.

While the Apple Watch isn’t affected by the two vulnerabilities, Apple says there’s a bigger chance for Meltdown to be exploited. Just like Microsoft, who has already shipped updates to prevent JavaScript attacks in the browser, Apple plans to release patches for Safari on iOS and macOS in the coming days.

As for the performance impact these updates could have, Apple says users shouldn’t notice what it describes as “measurable reduction in performance,” a conclusion that the company achieved after performing its own benchmarks following the install of the security updates.

“Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark,” the firm concludes.