Tech giants say they are making headqay against the recently disclosed vulnerabilities known as Meltdown and Spectre.
Apple says a software fix protects its devices from Spectre.
And Intel CEO Brian Krzanich opened his keynote talk Monday at the annual CES gadget show in Las Vegas by addressing the hard-to-fix flaws disclosed by security researchers last week.
He says there have been no known attempts to exploit the flaws, which affect processors built by Intel and other chipmakers.
Some researchers have argued that the flaws reflect a fundamental hardware defect that can’t be fixed short of a recall. But Intel has pushed back against that idea, arguing that the problems can be “mitigated” by software or firmware upgrades. Companies from Microsoft to Red Hat have announced efforts to patch the vulnerabilities.
And Krzanich promised fixes in the coming week to 90 percent of the processors Intel has made in the past five years, consistent with an earlier statement from the company . But he also added that updates for the remainder of those recent processors should follow by the end of January. Krzanich did not address the company’s plans for older chips.
Apple, meanwhile, has released new security updates for iPhones, iPads, and Macs to protect users from a computer chip vulnerability known as Spectre.
Last week, security researchers revealed major flaws in chips that affected billions of devices around the world. Tech companies, such as Microsoft, Google, Apple and others, scrambled to issue patches to prevent hackers from taking advantage of the vulnerabilities.
The latest mobile update, iOS 11.2.2, includes security improvements to Apple’s Safari browser and WebKit, its software for web pages, the company said on its support page.
iPhone and iPad users are urged to update their software immediately via the device’s General Settings section.
Meanwhile, Mac users can now install macOS High Sierra 10.13.2 for the same Safari fixes for laptops and desktops. The download is now available from the App Store under “Updates.”
Apple said last week all of its iOS and Mac devices were affected by the flaws, and it already released updates to mitigate against Meltdown. Now, Apple users can be protected against Spectre, too.
Both flaws affect something called “speculative execution” in modern computer chips, but they can be abused in different ways. One variant of Spectre could be exploited through web browsers, which is why Apple issued fixes for Safari.
There is no evidence these flaws have been exploited.
Although companies continue to roll out fixes, experts say hackers may soon attempt to exploit the flaws on devices that haven’t been updated. But it’s unclear how easy it would be to do so. The flaws are believed to be more complicated to exploit than other common methods.
Google also released mitigations for its many of products, and said a fix for its Chrome browser will be available later this month. Meanwhile, Microsoft issued updates for its Windows and cloud products.
The good news is users who keep their web browsers, apps and devices up-to-date should be protected from anyone trying to exploit these vulnerabilities.