Apple admits to major security flaws

Technology giant Apple has confirmed all iPhones, iPads, Mac computers, and even its Apple TV set-top box had been vulnerable to snooping by hackers as part of two widespread computer chip flaws revealed this week.

Only the Apple Watch was safe from attack by one of the security flaws, it revealed today, although software fixes had been issued for others.

Apple’s admission came after academics and researchers from Alphabet’s Google Project Zero yesterday revealed and detailed two security flaws in computer chips dating back to 1995.

The vulnerabilities, named Meltdown and Spectre, could allow hackers to steal sensitive information, including passwords, and affected millions of machines using Intel and AMD computer chips.

Apple confirmed all of its major devices had been made vulnerable by the security holes but no data had yet been stolen.

“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” the company said in a statement.

“Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.”

The company said Meltdown was the security flaw with “the most potential to be exploited,” but Apple had already issued software updates for its computers, mobile devices, and set-top box to prevent its exploitation.

Apple said it would release an update to its web browser, Safari, “in the coming days” to prevent hackers using the Spectre vulnerability, and would release further updates for all of its software to prevent their use in future.

Proofpoint cybersecurity strategy vice-president Ryan Kalember said there was no “immediate fix” available for Spectre, but consumers should simply ensure they installed the latest software updates on their devices and did not download unauthorised programs.

“While the vast majority of computing devices are impacted by these flaws, the sky is not falling,” he said. “Both vulnerabilities require an attacker to be able to run their code on the device they are attacking.

“The typical consumer is still vastly more likely to be targeted by something like a phishing email than a targeted attack exploiting Meltdown or Spectre.”

This story originally appeared in news.com.au.