Every single iPhone, iPad, Mac and Apple TV is vulnerable to a huge bug that could allow them to be hacked.
Apple has now confirmed that almost all of its products are affected by the major Intel bug that was revealed this week. That means that any of its customers’ most sensitive information could potentially be read.
But while the exact nature of the problem is still unclear, and so the danger is impossible to entirely understand let alone head off, there’s some things you can do.
In short, there’s two key things to be certain to do: make sure your phone or computer is up to date, and don’t download any software that you don’t trust. But the problem itself and the fixes against it are far more complicated than that.
Gadgets and tech news in pictures
What do I need to do?
Apple is working hard to fix the problem, and more and more updates will come out through the following days. So the most important thing is to make sure your phone, Mac, Apple TV, iPad or whatever else is updated to the most recent version available.
That’s always important, of course. But doubly important at times like this, when exploits could be making their way into the world.
You might already have fended off some of the problems with the new bug, without knowing it. Recent updates to iOS, macOS and tvOS all secretly included some protection against the problem, because it was being worked on behind the scenes. So if you’ve been doing that, just continue to do so.
The second thing is to be vigilant about what you’re running on your iPhone or computer. The exploit needs to be run by a malicious program – which is much harder if you don’t let any malicious programs into your device in the first place, so be sure to keep an eye on what you download and make sure you’re only getting them from legitimate places like the App Store.
The problem is complicated, however, by the fact that the code could also make its way onto your phone through your web browser, since websites are able to use your phone to run code. There is little you can do at this point, apart from making sure you stay away from questionable websites, but Apple says that there will be fixes in place for Safari soon.
What’s the problem?
Both of the new flaws – associated with Intel but not limited to their chips – revolve around something called “speculative execution”. That, in a short and far too basic explanation, is when a chip gets started on a task before it’s actually needed, meaning that it’s ready for when it is.
The flaw means that malicious programmes can intercept that activity, even if it doesn’t actually get used. A programme could see what else the chip has been doing through speculative execution, which might include some of your most personal and important information.
That’s why fixing the problem could cause some computers to slow down: speculative execution is a useful tool for allowing chips to work faster than they would otherwise. But it’s also potentially a useful tool for anyone trying to read what’s happening on your iPhone or computer.
Does that mean my iPhone or computer will slow down?
Probably not. Obviously, Apple hasn’t finished all of the fixes – or they’d be out and available to download now – but at the moment, the impact is limited, according to Apple.
The updates to Safari show something between no reduction in performance and a very slight one, it said, and it’s likely to be the same for everything else on your phone.
Has anyone hacked into my iPhone already?
As far as we know, nobody has made use of the exploit. Very few people know what it actually is, since the details are being kept secret until the attack can be protected against. But now that the problem is public, you can bet that all sorts of unsavoury characters on the internet are doing what they can to work it out.
“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” Apple said in its statement.
Apple said that its analysis had shown that the Spectre flaw is “extremely difficult to exploit”, even if the app is already running on your computer. But the bug can also make its way into your computer through dodgy code running in Safari, and Apple will be releasing an update to make it harder for that to get into your computer, too.