How to protect your Mac and iOS devices from the Meltdown and Spectre CPU flaws

Surely by now you’ve heard about the Spectre and Meltdown CPU flaws, but you might not fully understand what the issue is and how you can protect yourself against the risks. We’re here to help. Here’s how these vulnerabilities affect your Apple devices and what you can so to keep them safe.

Meltdown and Spectre FAQ

One more time, what exactly is the issue here?

There are three separate potential security issues at play here, one named Meltdown and two named Spectre. They all take advantage of something called speculative execution. Basically, modern CPUs try to speed things up by taking educated guesses to predict what the next operation will be, and will go so far as to execute them ahead of time. If the prediction is correct, the CPU has an answer all ready to go. If it's incorrect, the “speculative execution” is removed. The whole process is nearly instantaneous and should be invisible to the software and OS. The Meltdown and Spectre bugs allow hackers to read and access this information in the OS kernel memory by taking advantage of the delay in its rollback.

What devices do they effect?

In a nutshell, all of them. If you have a PowerMac G5 or an iPhone 3GS, you’re probably okay, but all modern Macs and iOS devices are affected. While Meltdown mainly affects Intel-based Macs and PCs, in Apple’s case it also affects iOS devices. Spectre affects all iOS, macOS, and tvOS. WatchOS is unaffected by the Meltdown and Spectre flaws.

What’s Apple doing to fix it?

Well, there isn’t really a real fix. These exploits rely on flaws baked right into the very design of the CPUs themselves. The best Apple or anyone can do is mitigate the risk, and Apple is already taking steps to do so. In December, Apple released macOS 10.13.2, iOS 11.2, and tvOS 11.2 with mitigations to lessen the risk, and it says more are on the way. Specifically, an upcoming update to Safari on macOS and iOS will plug a potential Javascript exploit.

What about older OSes?

It’s unclear from Apple's statement, but presumably it will issue security updates to address the issue, as evidenced by this support page. If you have a system new enough to run macOS High Sierra and iOS 11, your best bet is to update. If you have an older system for which those operating systems are not supported, you don't have any real choice but to hold tight.

I’ve heard about slowdowns. Will my device be affected?

It’s too early to say, but Apple assured users that there won’t be any noticeable performance impact. It says it ran the December update through GeekBench, Speedometer, JetStream, and ARES-6 and saw “no measurable reduction in the performance of macOS and iOS.” Additionally, it has tested its Safari mitigations with the similar results, including an impact of less than 2.5 percent using the JetStream benchmark.

How can I protect my device from attack?

Update your OS

This is the obvious answer, but it’s also the best one. As we said, there is no real fix for Meltdown or Spectre, just ways to make exploits harder to pull off. Apple has already begun taking steps to protect users, but they will only be effective if they’re installed.

So, if you can update your Mac and iOS device to High Sierra and iOS 11, respectively, do so. Apple has squashed many of the early bugs and the latest versions are running smoothly, so if you want the best possible protection from Meltdown and Spectre, the latest version of the latest operating systems are the best way to do it.

Update Safari, Firefox, and Chrome

Apart from macOS, iOS, and tvOS, Apple is also updating Safari to address a possible Javascript exploit of the Spectre flaw. This will be arriving soon, so check the updates tab in the App Store app to install it once it arrives. Firefox 57.0.4 adds protections to that browser, and and Chrome 64 (to be released on January 23, 2018) will do the same for Google's browser. In the meantime, an optional feature called Site Isolation can help reduce risk in Chrome—read more about that here.

Don’t download apps from untrusted developers

Hackers can’t get into your system unless you let them in, so be mindful of where your apps are coming from, especially in the Mac. Obviously, the Mac App Store is the safest way to download apps, but there are a number of totally legit developers that offer apps outside Apple’s store. Most of them are safe to install, but you should do some research before hitting the download button. macOS already users by default when launching apps from unidentified developers, so pay attention to any prompts you get when opening an app for the first time.

Stay vigilant

As Apple says, the risk to users is fairly low, but the scale here is massive. With hundreds of million vulnerable devices, hackers are going to be working overtime to exploit these flaws, so be aware of a anything amiss with your device or accounts, and take the appropriate action if necessary.