News

If You Have An iPhone, Here's What You Should Know About Its Major Security Flaw

by Jessicah Lahitou
Justin Sullivan/Getty Images News/Getty Images

A research group has discovered two serious defects in widely used computer chips. And since these compromised chips are used in billions of devices, it's likely that the technical flaws, known as Spectre and Meltdown, affect nearly everyone. Billions of computer devices everywhere in the world are affected, and if you're an Apple user, the company confirmed its products are impacted, too.

The flaws are located in the processor, which "acts as the brain" of computers, writes Selena Larson at CNN Tech. Today's processors engage in predictive "thinking," wherein they anticipate what their next task will be and then search for and access relevant information from computer memory.

During that lag time, researchers found that certain sensitive information is vulnerable to hacking. Users' passwords and even open tabs could theoretically be accessed in the lag time between a when a processor finds that data and when it delivers it.

The research found that pretty much every computer system, from laptops to smartphones to medical equipment, is susceptible to Spectre, while the Meltdown bug appears to only affect Intel chips.

Of the threat posed by these processor flaws, researchers at the Graz University of Technology state that "a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."

In the Graz University of Technology's Q&A section, they have a simple response to those who want to know if they've been impacted: "Most certainly, yes."

The bad news doesn't stop there. Computer users are told that there is pretty much no way to know if they've already been hacked via a Meltdown or Spectre bug. Researchers also note it's "unlikely" that any antivirus program would have spotted a hack of this nature.

There are some remedies being offered by different tech companies. Even though Apple designs its own chips and operating systems, they still utilize speculative execution, and are thus vulnerable to Meltdown. So Apple has updated its iOS and macOS to guard against hacking. (Read: It's crucial to install those updates.)

Microsoft, Google, Amazon, and a host of other tech companies have also offered their own assortment of fixes. In the short-run, it seems that Meltdown will be pretty summarily fixed. It's a problem with a more straightforward answer than Spectre, which poses a unique challenge for Intel.

In fact, the company has been hit with three class-action lawsuits over its product.

“The security vulnerability revealed by these reports suggests that this may be one of the largest security flaws ever facing the American public,” lawyer Bill Doyle told The Guardian. Doyle's law firm, Doyle APC, is representing two plaintiffs who filed a suit against Intel in California. Other suits have been filed in Oregon and Indiana, with more expected in the coming days and weeks.

Besides individual users, Intel will likely be asked to pay some damages — or, at the very least, offer discounted prices in the future — to big buyers of its products. Those companies include Google, Microsoft, and Amazon.

For everyday users of tech devices impacted by Meltdown and Spectre (which means pretty much everyone), slower loading times may be coming. Some are predicting that fixes to both problems could slow down processing times significantly.

For now, users who want to mitigate against the Meltdown and Spectre threats are highly advised to install the latest company updates on all devises.