Millions of smartphones and tablets are compromised by the Spectre security flaw, with Apple confirming that all iPads and iPhones are directly affected.
Computers worldwide are also affected by the separate Meltdown processor security flaw, necessitating urgent operating system updates that could impact device speeds for consumers.
Spectre, meanwhile, appears to affect virtually all smartphones and tablets, including Android and iOS devices. Some fixes have already been delivered, and Apple has given an official response to this urgent problem.
Which? Tech Support – find out how to get helpful one-to-one computing and tech advice from Which? experts
What is the Spectre flaw?
Primarily targeting smartphones and tablets, the Spectre flaw targets Intel-branded processors within mobile devices, as well as chips from AMD and ARM.
It’s important to note that there have been no hacks or exploits of the flaw to date, and the risk is purely theoretical at this point. But, it’s serious enough to have prompted a global response by manufacturers of software and devices.
In simple terms, the Spectre vulnerability is able to trick a tablet or smartphone into copying data from legitimate apps over to malicious apps. Attackers could, in theory, steal passwords, personal photos and more.
Can Spectre be fixed?
We’re still learning more about Spectre as this story develops, but you’ll be pleased to hear that companies are already making moves to protect your devices.
Apple will be rolling out various updates and fixes for both Spectre and Meltdown (which affects MacBooks and iMacs) over the coming days. The company says it has already ‘released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2’. Apple will now be publishing updates for Safari to help defend against Spectre on mobile.
Android users will receive the necessary fixes and updates in waves – Google has already made these available for its own-brand Nexus devices, and we can expect to see security updates for Android devices from other manufacturers imminently. Samsung, Amazon, OnePlus and Huawei phones run variants of the Android OS.
Windows 10 tablets and Windows Phone devices will shortly receive security fixes from Microsoft.
Apple has emphasised that ‘there are no known exploits impacting customers at this time’. An Apple blog post published this week explains: ‘We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.’
Will the fixes cause slowdown?
It’s been widely reported that the fixes required to address the Meltdown and Spectre security flaws could result in slowdown for devices. We’re conducting tests of affected laptops to confirm if this is the case.
If you’ve shelled out for an expensive Mac in the hope of top speeds, you may be in luck. In a statement, Apple said: ‘Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS.’
What do you need to do?
Companies are battling to improve software security before hackers are able to take advantage of either the Spectre of Meltdown flaws. They’ve had a headstart, too, with chip manufacturers such as Intel being aware of the flaw for months, before making it publicly known this week.
Keep an eye out for software updates on your tech devices. It’s important to install these promptly, be it on your smartphone, tablet, laptop or desktop.
In its blog post, Apple notes that ‘many of these [security issues] require a malicious app to be loaded on your Mac or iOS device’. It’s important to only download apps and other software from known, trusted sources.
You’re locked to using the App Store on iPads and iPhones, and Android users would be wise to stick to the Google Play Store only – these days, it’s vetted by Google to ensure malicious apps don’t sneak in. Amazon Fire tablet users must use the Amazon app store.
Google has confirmed that its Chrome browser will be updated on January 23 to protect against exploitation. Meanwhile, Amazon Web Services, Google Cloud and Microsoft Azure have all been patched in light of this week’s security news. At the time of writing, we’ve seen no signs that any of these services have been compromised by hackers.
We also suggest strengthening your computer’s defences with a Best Buy antivirus package. The best antivirus software we’ve tested will keep you safe from nasties while being simple to use, so see our Best Buy antivirus software page to see which options our experts recommend.
We’ll continue to cover this story as it evolves. For now, continue to update your software from trusted sources as security patches become available.