Apple iPhone Chip Vulnerability Is ‘Most Disturbing’ Security Issue in Decades

Apple iphone bug meltdown ios
A picture taken on December 28, 2016, in Vertou, France, displaying the Apple logo. Apple has admitted to a major flaw with iPhones and Mac computers. LOIC VENANCE/AFP/Getty Images

Apple has admitted that every iPhone and Mac computer is affected by the Meltdown and Spectre chip vulnerabilities, which security researchers say is “the most disturbing" cybersecurity issue in decades.

The security bugs, which were first discovered by security researchers at Google, apply to all modern processors and can be exploited by hackers through malicious apps running on a device.

In a belated response to the issue, Apple said in a blogpost on Thursday, “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”

The Cupertino company added that iPhone and Mac users should only download apps and software from trusted sources. Apple Watch is unaffected by the issue.

“This is without doubt the most disturbing issue to hit the industry for decades,” says Ross Brewer, vice president at security firm LogRhythm, in a comment to Newsweek. “This really is the big one, and everyone—consumers and businesses alike—must pay attention."

“Not only is the attack surface the biggest we’ve seen, with so many devices at risk globally, the exposure window is also huge as it is reliant on people voluntarily patching their systems, which obviously has a significant lag,” Brewer added.

apple iphone 6 slow battery An iPhone 6 during an Apple event on September 9, 2014, in Cupertino, California. Justin Sullivan/Getty Images

Brewer and other security researchers say immediate action needs to be taken to avoid a “very serious timebomb” that could be exploited by opportunistic hackers.

“Fear aside, attention must turn to the ‘what now,’” Brewer said. “As this vulnerability opens the door to theft of credentials, logins and other private information, any unusual network activity needs to be detected, investigated and remediated as soon as it occurs.”

Despite the threat posed by Meltdown and Spectre, some cybersecurity experts believe iPhone and Mac users are at greater risk from phishing emails rather than targeted attacks using these particular chip bugs.

Read more: What we know about the major cybersecurity flaws and how to protect yourself

However, on a much broader scale, organizations and cloud computing providers need to implement security fixes for the Meltdown bug to prevent a large-scale global attack. There is currently no known fix for the Spectre bug.

“Like most organizations, chip manufacturers have long prioritized speed over security—and that has led to a tremendous amount of sensitive data placed at risk of unauthorized access via Meltdown and Spectre,” says Ryan Kalember, senior vice president at security firm Proofpoint.

“While the vast majority of computing devices are impacted by these flaws, the sky is not falling. Both vulnerabilities require an attacker to be able to run their code on the device they are attacking…If there is some good news, it’s fortunate that these vulnerabilities were discovered and disclosed by respected researchers as opposed to being exploited in a large scale, potentially-damaging global attack.”

Join the Discussion