Apple to issue software fix for chip flaw

Apple said Thursday that it is planning a software update to counter two cyber vulnerabilities that affect computer chips manufactured by Apple, Intel and other tech companies.

Apple said on its website that an update will be rolled out “in the coming days” that is meant to counter two exploitation techniques known collectively as the Spectre vulnerabilities, which were previously believed to only be effective against Intel chips.

{mosads}

The vulnerabilities could potentially allow Javascript running on websites to access sensitive information on computer systems without permission by taking advantage of the time it takes an operating system to run a permissions check for a memory access call, according to the statement.

“Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques,” the statement reads. “Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark,” the company said, referring to speed and performance indicators.

The statement adds that Apple will continue analyzing the Spectre vulnerabilities and produce future software updates as needed.

Apple’s statement also addressed another similar vulnerability, nicknamed Meltdown, which the company says affects all Mac and iOS devices but was bypassed by a previous software update.

Patching out the Meltdown vulnerability resulted in “no measurable reduction” in performance, the company said.

The Department of Homeland Security (DHS) issued guidance on the software flaws this week, noting that while software patches could improve performance, the only true solution was to replace affected computer parts.

DHS estimates that the vulnerabilities affect an array of computer chip vendors including AMD, Google, Microsoft and Apple, and that the flaws impact millions of modern computing systems developed over the last decade.