The tech world has been abuzz with discussion of Meltdown and Spectre, massive “speculative execution” security vulnerabilities recently discovered in the CPUs used by nearly all modern computing devices, including the Intel CPUs used in Macs and the ARM-based CPUs in iOS devices. Ars Technica has a good explanation of the problem and overview of the response from different companies.
Apple has now posted a support note explaining the situation from the company’s perspective. In short, Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and claims that its changes resulted in no measurable reduction in performance. An upcoming release of Safari will mitigate the Spectre exploits with only a minimal performance impact. Apple says that the Apple Watch is unaffected by both Meltdown and Spectre.
That’s all good, but note the word “mitigate” in Apple’s note — the company isn’t saying “fix.” Spectre, in particular, is a subtle vulnerability, and we’ll likely be seeing additional protections worked into software over time.
In other words, staying up to date with the latest security fixes from Apple is becoming ever more important.