Apple: ARM or Intel, major chip flaw affects all Macs and iOS devices

CPU vulnerability affects almost all Apple products containing either Intel or ARM-based CPUs

Apple has confirmed that the microprocessor flaw exposed this week affects almost all of its products, including all iPhones, iPads and Macs sporting both Intel and ARM-based CPUs.

One of the two flaws, dubbed Meltdown, affects only Intel microprocessor architectures - going all the way back to about 1995. The second, dubbed Spectre, affects microprocessor designs from ARM and AMD, as well as Intel.

Each has the potential to enable technically competent cyber attackers to compromise information on a user's PC, Mac or smartphone.

While there's currently no indication of compromise, or exploits appearing, so far some proof of concepts have been devised by researchers confirming the seriousness of the flaws.

The flaws cannot be rectified without a recall and replacement of the microprocessors - which almost certainly means it wouldn't happen. Instead, operating system vendors and coders have been working to build patches to prevent the flaws from being exploited.

These, though, could impose a significant performance hit, with speculation suggesting anywhere between five per cent and 35 per cent.

The bigger hit will be felt when users are running more heavyweight applications, particularly data-oriented applications. Home users running light tasks - even playing up-to-date games - should be much less affected.

According to Apple, the vulnerability affects the iPhone, iPad, Macs and even the Apple TV box. However, Apple Watch users aren't believed to be at risk by the flaw.

"Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre," warned Apple in a statement.

It continued: "These issues apply to all modern processors and affect nearly all computing devices and operating systems.

"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time."

Although the flaw isn't pretty, the firm said users can mitigate the risks by only downloading apps and software from "trusted sources".

The company is also working on an update for Safari to prevent that being used as an attack vector. With Spectre, it may be possible to compromise a machine via a Javascript exploit.

"Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store."

"We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, MacOS, tvOS and WatchOS."

Apple also provided its take on the flaw, saying: "The Meltdown and Spectre issues take advantage of a modern CPU performance feature called 'speculative execution'.

"Speculative execution improves speed by operating on multiple instructions at once - possibly in a different order than when they entered the CPU.

"To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed."