On January 3, 2018, the Google Project Zero team reported they had discovered three variants of a hardware bug with important ramifications. You can read their blog post, Reading privileged memory with a side-channel.
The three variants are:
- Spectre (Variant 1): bounds check bypass - CVE-2017-5753
- Spectre (Variant 2): branch target injection - CVE-2017-5715
- Meltdown (Variant 3): rogue data cache load - CVE-2017-5754
Apple has released updates to help mitigate Meltdown and Spectre vulnerabilities.
Protect Apple devices
To help protect your Apple devices, Apple recommends installing the latest version of macOS and Safari.
For more information, refer to Apple's article About speculative execution vulnerabilities in ARM-based and Intel CPUs.