Apple Confirms All Macs and iOS Devices Are Affected by 'Meltdown' Chip Flaw

Apple Inc. said all Mac computers and iOS devices, like iPhones and iPads, are affected by chip security flaws unearthed this week, but the company stressed there are no known exploits impacting users.

The Cupertino, California-based company said recent software updates for iPads, iPhones, iPod touches, Mac desktops and laptops, and the Apple TV set-top-box mitigate one of the vulnerabilities known as Meltdown. The Apple Watch, which runs a derivative of the iPhone’s operating system is not affected, according to the company.

Despite concern that fixes may slow down devices, Apple said its steps to address the Meltdown issue haven’t dented performance. The company will release an update to its Safari web browser in coming days to defend against another form of the security flaw known as Spectre. These steps could slow the speed of the browser by less than 2.5 percent, Apple said in a statement posted on its website.

Apple shares rose less than 1 percent to $173.56 in early trading Friday in New York.

Intel Corp. on Wednesday confirmed a report stating that its semiconductors contain a vulnerability based around a chip-processing technique called speculative execution. Intel said its chips, which power Macs and devices from other manufacturers, contain the flaw as well as processors based on ARM Holdings architecture, which is used in iOS devices and Android smartphones.

In December, Apple came under fire for iPhone software changes that reduced the performance of some older models of its smartphone. Alongside an apology and an explanation that a software change was implemented to balance out the effect of aging batteries, the company reduced the cost of replacing the power units from $79 to $29 through the end of 2018.

Security experts have said highly regulated sectors of industry, such as government offices and public health institutions, are most at risk of compromise as a result of the chip security vulnerability.

How to Speed Up Your Mac on a Budget

If you’ve been using your MacOS notebook or desktop for some time you may have noticed that things are slowing down: screen refresh, on-disk operations, programs open & close.  This is eventually happens to all computers as we clutter the system with additional files and programs.

Most people don’t look forward to upgrading their Mac and all the cast and hassles that come with it.  Instead, you may be able to improve your Mac’s performance by taking a few, inexpensive steps proven to speed things back up.  Here’s how:

Clean up your hard drive

Cleaning your hard drive is by far the best and easiest way to speed up your Macbook. Go through your hard drive and clean out everything that’s slowing it down.

What exactly is slowing it down? Caches, logs, apps, widgets, language packs, plugins, hidden trash, and large files. Get rid of these things to increase the speed of your Mac. It’s true that you can do this all manually, but finding all of these items and removing them takes time. Plus, you have to know where to look.

One of the top rated tools on the market is Dr. Cleaner.  Dr. Cleaner is an all-in-one free app that offers Memory Optimization, Disk Cleaning and System Monitoring to keep your Mac optimized for the best performance.

Here’s a list of the impressive features Dr. Cleaner offers.

Memory optimizer

Identify Apps that use a significant amount of memory as candidates for removal.

One-click memory optimization—instantly reclaim memory from closed apps and free up resources.

Disk mapping/file management

• Views your entire disk by file or folder size so you can determine which files or folders use the most space.
• Dr. Cleaner scans all your disks and creates a clickable map of the files on your disk, color-coded by file type showing detailed information on each file.

Managing large files

• One-click scan for big files including your cloud-based drives (customizable size from 10 MB and above)
• Apply multiple filters of size, date, name and type
• Dr. Cleaner create “safe house” for your large files thereby preventing them from being unintentionally deleted.

Duplicate finder

• Quick scan for duplicate files–Dr. Cleaner has the fast and accurate scanning technique that covers your entire folder system.
• Smart selection–duplicates are selected not only by file names but also by their contents. Files are shown in detailed previews. Dr. Cleaner can also help you “decide” which copy to delete by presenting “Auto Select” button.
• Easy and safe decision — duplicates can be sorted by file type and listed in their full route for you to track. You can decide which way to clean these files – either by putting them in to Trash or deleting them permanently.

A better way to manage your apps

• Auto-clean leftover files of deleted apps
• Easily manage all apps installed on your Mac
• Clearly and easily view all app information installed on your Mac by name, size, and last opened date

System requirements:  OS X 10.10 or later, 64-bit processor, 29 Mb of hard disk space.

Manage your startup items

Obviously, a clean startup helps speed up a Macbook that’s running slowly. No wasted time waiting for Chrome, Firefox, or Safari to load. Instant access! Well, when your Mac boots up, it runs a lot of unnecessary apps that slow your Mac down.

Take control of your Mac again! Go to your System Preferences > Users & Groups and then click on your username. Now click on Login Items. Select a program you don’t immediately need when your Mac starts up, and then click the “–” button below.

Taking care of these startup programs is an easy way to help add speed to your Mac.

Turn off visual effects

Most Macs are now capable of running Mac OS X Mavericks without any trouble. But some people prefer to keep the dock static to prevent slowdown. Click System Preferences > Dock and uncheck the following check boxes:

• • • Magnification
    • Animate opening applications
    • Automatically hide and show the dock
    • Turn off accessibility

Now click on Minimize windows using and change Genie Effect to Scale Effect.

Update your software

Make sure you perform a software update for Mac OS X and all the apps installed in Mac. Click on the Apple icon in the menu bar and choose Software Update (or open Software Update in the App Store).

If you have apps purchased outside of the App Store, they will need to be updated separately. You’ll usually find Check for Software Update from the program name in the menu bar.

You should also make sure that Mac OS X keeps itself up to date. Click on System Preferences > App Store and ensure that Automatically Check For Updates is ticked. You can also tick Install App Updates,which will automatically ensure that apps are updated.

Apple Offers Apology For “BatteryGate”

Apple has released a statement addressing “Battery Gate,” the company’s controversial decision to slow down older phones in order to protect battery stability.

The statement included the following, as reported by CNBC: “We know that some of you feel Apple has let you down. We apologize. There’s been a lot of misunderstanding about this issue, so we would like to clarify and let you know about some changes we’re making. First and foremost, we have never — and would never — do anything to intentionally shorten the life of any Apple product, or degrade the user experience to drive customer upgrades. Our goal has always been to create products that our customers love, and making iPhones last as long as possible is an important part of that.”

As a result, the company is slashing $50 off the out-of-warranty iPhone battery replacement for the next year. A new software update will also launch early next year, giving users more insight into battery life.

Earlier this month, John Poole, founder of software company Primate Labs, found that iPhone 6s models running iOS versions 10.2 and 11.2, and iPhone 7 phones running iOS 11.2, were more likely to have instances of slower processing speed.

Apple confirmed Poole’s findings, noting on Dec. 20 that the tech company was trying to “smooth out the instantaneous peaks only when needed to prevent the device from unexpectedly shutting down” when conditions were cold or as batteries aged.

The news caused a social media backlash, as customers expressed outrage that they had not been informed of the change or given the option to replace the battery. It has also resulted in a class-action suit against the Cupertino, California company.

Two California residents, Stefan Bogdanovich and Dakota Speas, filed a suit stating that Apple never got their consent to slow down their iPhones. The two claimed they experienced interference in usage of their iPhone 7 smartphones because of the intentional slowdowns. Both are also claiming damages in the lawsuit, contending that the slowdowns hurt them economically and that they are entitled to compensation from Apple.

While it’s rare for Apple to comment on critical news stories, this isn’t the first time the company has released an apology for a product. Apple shifted its stance on App Store guidelines in 2010, and also issued an extensive apology for issues with the iPhone 4.

Update your iPhone to avoid being hacked over Wi-Fi

It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched.

As we mentioned last week, the recent iOS 10.3 and macOS 10.12.4 updates included numerous fixes dealing with “arbitrary code execution with kernel privileges”.

Any exploit that lets an external attacker tell the operating system kernel itself what to is a serious concern that ought to be patched as soon as possible – hesitation is not an option.

After all, it’s the kernel that’s responsible for managing security in the rest of the system.

Sophos Home

Free home computer security software for all the family

Learn More

Take this analogy with pinch of salt, but an exploit that gives a remote attacker regular user access is like planting a spy in the Naval corps with a Lieutenant’s rank.

If you can grab local administrator access, that’s like boosting yourself straight to Captain or Commodore; but if you can own the kernel (this is not a pun), you’ve landed among the senior Admiral staff, right at the top of the command structure.

So make sure you don’t miss the latest we-didn’t-quite-get-this-one-out-last-time update to iOS 10.3.1:

iOS 10.3.1

Released April 3, 2017

Wi-Fi

Available for: iPhone 5 and later, 
               iPad 4th generation and later, 
               iPod touch 6th generation and later

Impact:        An attacker within range may be able to 
               execute arbitrary code on the Wi-Fi chip

Description:   A stack buffer overflow was addressed 
               through improved input validation.

CVE-2017-6975: Gal Beniamini of Google Project Zero

This is rather different from the usual sort of attack – the main CPU, operating system and installed apps are left well alone.

Most network attacks rely on security holes at a much higher level, in software components such as databases, web servers, email clients, browsers and browser plugins.

So, attacking the Wi-Fi network card itself might seem like small beer.

After all, the attacks that won hundreds of thousands of dollars at the recent Pwn2Own competition went after the heart of the operating system itself, to give the intruders what you might call an “access all areas” pass.

Nevertheless, the CPU of an externally-facing device like a Wi-Fi card is a cunning place to mount an attack.

It’s a bit like being just outside the castle walls, on what most security-minded insiders would consider the wrong side of the moat and drawbridge.

But with a bit of cunning you may be able to position yourself where you can eavesdrop on every message coming in and out of the castle…

…all the while being ignored along with the many unimportant-looking peasants and hangers-on who’ll never have the privilege of entering the castle itself.

Better yet, once you’ve eavesdropped on what you wanted to hear, you’re already on the outside, so you don’t have to run the gauntlet of the guards to get back out to a place where you can pass your message on.

What to do?

As far as we know, this isn’t a zero-day because it was responsibly disclosed and patched before anyone else found out about it.

Cybercrooks have a vague idea of where to start looking now the bug that has been described, but there’s a huge gap between knowing that an exploitable bug exists and rediscovering it independently.

We applied the update as soon as Apple’s notification email arrived (the download was under 30MB), and we’re happy to assume that we’ve therefore beaten even the most enthusiatic crooks to the punch this time.

You can accelerate your own patch by manually visiting Settings | General | Software Update to force an upgrade, rather than waiting for your turn in Apple’s autoupdate queue.

via nakedsecurity