CUPERTINO, Calif. — Apple released an iOS update Monday it says will protect iPhone and iPad users from two major security flaws.
Users can find the update by going into the general settings on their devices and clicking on “Software Update.” The iOS version that protects against vulnerabilities in the device processors is 11.2.2.
The U.S. tech giant has confirmed Thursday that all its iPhones, iPads and Mac computers are affected by two recently disclosed processor flaws called Spectre and Meltdown.
In an announcement Thursday, Apple said it had released patches to defend against Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2.
But it’s still working on other fixes that users should look out for.
“We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS,” Apple said.
Pointing out that the risks are likely to come from “a malicious app,” Apple also advised users to download software “only from trusted sources such as the App Store.”
Like other big tech companies that are scrambling to deal with the problem, Apple sought also to reassure users.
“There are no known exploits impacting customers at this time,” it said.
The Apple Watch isn’t impacted by the Meltdown flaw.
Researchers first announced the two flaws affecting virtually all computer processors on Wednesday.
Here’s the issue: Modern processors are designed to perform something called “speculative execution” to enhance performance. Data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.
Researchers said almost every computing system — desktops, laptops, smartphones, and cloud servers — is affected by the Spectre bug. Meltdown appears to be specific to chips made by Intel.
Other major companies rolling out fixes include Microsoft, Amazon and Google.
Fixing the problems will slow a computer’s performance, experts say, especially on devices more than five years old.
Intel said that “for the average user,” the performance impact on products using the processors from the last five years “should not be significant and will be mitigated over time.”
The bigger challenge appears to be for companies that deal with a lot of network traffic and considerable processing power — things like cloud computing providers, retailers that process consumer transactions and medical systems that crunch data.
Some experts say that to completely get rid of the risks created by the flaws, the affected processors need to be replaced entirely. But that’s not realistically going to happen anytime soon.
There aren’t any processors available at the moment that can replace the vulnerable ones and still provide the same kind of functionality.
Experts say that it will take years to bring to market new chips that can perform the same tasks both safely and effectively.