Every electronic device you use on a daily basis—including Apple products—could be in danger from two major vulnerabilities with dramatic-sounding names: Meltdown and Spectre.
To be clear, this means you absolutely have to update every operating system possible right now, though some have no fix yet.
Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.
Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre.
MeltdownAttack.com (it's safe, don't worry) explains its namesake vulnerability as allowing for an "attack" that "allows a program to access the memory, and thus also the secrets, of other programs and the operating system."
That means Meltdown makes it very easy to find the cork holding sensitive info in a computer's memory and pull it out, leaking private data to anyone who knows how to do it.
The same website says Spectre "breaks the isolation between different applications" and that permits "an attacker to trick error-free programs (...) into leaking their secrets."
At the moment, antivirus programs are unlikely to spot the issue. Researchers who experimented found that exploiting Meltdown or Spectre could lead to an attacker extracting passwords and anything else you'd rather no one see in your system, like financial info or homemade porn.
The fun part is Apple isn't the only tech giant with these holes near the cores of their devices. Microsoft and Google share the issue as well. That's because all these companies use chips from Intel and ARM.
So anyone who figures out a way to unlock either Meltdown or Spectre could potentially have the golden key to the digital kingdom.
Researchers don't know if either problem has been used by hackers yet.
Knowing the way both independent and state-sponsored attackers are constantly on the lookout for new ways into finding information no one wants them to see, it's a safe bet someone did know about both issues before this week.
That said, few are in immediate danger at the moment, and all companies affected appear to be working very hard to patch the holes as soon as possible.