Apple Inc will release a patch for the Safari web browser on its iPhones, iPads and Macs within days, it said on Thursday, after major chipmakers disclosed flaws that leave nearly every modern computing device vulnerable to hackers.
Browser makers Google, Microsoft Corp and Mozilla Corp’s Firefox all confirmed to Reuters that the patches they currently have in place do not protect iOS users. With Safari and virtually all other popular browsers not patched, hundreds of millions of iPhone and iPad users may have no secure means of browsing the web until Apple issues its patch.
Apple stressed that there were no known instances of hackers taking advantage of the flaw to date.
Two major chip flaws
On Wednesday, Alphabet Inc's Google and other security researchers disclosed two major chip flaws, one called Meltdown affecting only Intel Corp chips and one called Spectre affecting nearly all computer chips made in the last decade. The news sparked a sell-off in Intel's stock as investors tried to gauge the costs to the chipmaker.
In a statement on its website, Apple said all Mac and iOS devices were affected by both Meltdown and Spectre. But the most recent operating system updates for Mac computers, Apple TVs, iPhones and iPads protect users against the Meltdown attack and do not slow down the devices, it added, and Meltdown does not affect the Apple Watch.
Macs and iOS devices are vulnerable to Spectre attacks through code that can run in web browsers. Apple said it would issue a patch to its Safari web browser for those devices “in the coming days.”
Shortly after the researchers disclosed the chip flaws on Wednesday, Google and Microsoft released statements telling users which of their products were affected. Google said its users of Android phones - more than 80 percent of the global market - were protected if they had the latest security updates.
Apple remained silent for more than a day about the fate of the hundreds of millions of users of its iPhones and iPads. Ben Johnson, co-founder and chief strategist for cyber security firm Carbon Black, said the delay in updating customers about whether Apple's devices are at risk could affect Apple's drive to get more business customers to adopt its hardware.
“Something this severe gets the attention of all the employees and executives at a company, and when they go asking the IT and security people about it and security doesn't have an answer for iPhones and iPads, it just doesn't give a whole lot of confidence,” Johnson said.