Apple users: Learn how to protect your device against security flaws

Spectre and Meltdown potentially leave devices open to malicious hackers

Apple has admitted its iPhone and Mac products are affected by the Spectre and Meltdown flaws in the hardware chips. Photograph: EPA

Apple has admitted its iPhone and Mac products are affected by the Spectre and Meltdown flaws in the hardware chips. Photograph: EPA

 

It hasn’t been a good year for technology so far. Earlier this week, anybody who uses a smartphone, tablet or PC was informed that the device they entrust with so much information may be at risk from hackers. While that may not seem like news - sure aren’t we always fending off one threat or another - the difference this time is that it’s not software that’s to blame. This time, the security threat is within the hardware - more specifically, the microchip that runs everything.

What exactly is going on?

Earlier this week it emerged that every smartphone, tablet, laptop and PC has a flaw in their microchips that could allow hackers to gain access to confidential information such as passwords.

There are two separate problems. One, named Meltdown, affects Intel chips for laptops and servers. The second, Spectre, affects Intel chips and those made by rival AMD, but also chips based on designs from ARM - which run in most smartphones and tablets.

How does this affect Apple?

Apple confirmed on Friday that its iPads, iPhones and Macs are affected by both Spectre and Meltdown, but it has already taken steps to protect users of iOS 11, MacOS and its latest Apple TV software from the flaw. Spectre is arguably the more dangerous of the two flaws; while Meltdown is considered more problematic in the short term, Spectre is harder to patch.

The company said it would be issuing updates for Safari on MacOS and iOS in the coming days, to guard against any potential exploit in JavaScript on the web browser. Updates for iOS, macOS, tvOS, and watchOS that will further guard against Spectre will be released soon.

What’s the real risk?

So far, nobody has seen the flaws exploited in the wild. The issue was discovered by Google and academic researchers last year, and they had been working with the tech firms to try to put a fix in place before releasing any information on the problem. However, it seems they were forced to go public about it earlier than planned, leaving companies rushing to find a fix before it became a real problem.

To exploit the flaw, hackers would have to get malicious software running on a vulnerable microchip, which would allow them to access data from other software on the machine.

What should I do?

1. Be careful what you are installing on your device. To exploit the vulnerability, bad software needs to get into your machine, so the fewer opportunities you offer for that to happen, the better. Download software only from trusted sources - in Apple’s case, the official App Store - and be careful about clicking on unsolicited links.

2. The next time you see the software update icon pop up on your laptop, tablet or smartphone, don’t ignore it. Microsoft has already issued a patch for its operating system, and others will be following suit. If you don’t install the update or delay it in any way, your machine will remain vulnerable for longer.

3. Make sure your antivirus protection is up to date too. It may not block everything - new threats emerge all the time - but making things more difficult for those who want to spread bad software isn’t something you should dismiss.

To update your Mac, go to the Mac App Store on your machine, and open the Updates tab. The update will appear there when it is available. On your iPad or iPhone, go to Settings>General>Software Update.

To update your Windows 10 system, go to Settings>Update & Security>Windows Update> Check for updates. On Windows 7, go to Control Panel>System & Security>Windows Update>Check for Updates.

Anything else?

Consider installing an ad blocker, at least until the update for your device has been released. While some websites rely on advertising for revenue, ads can sometimes carry malicious code and the owner of the site doesn’t have complete control over this. Blocking ads would help guard against this.