Spectre and Meltdown are design flaws in modern processors that open a massive range of PCs, phones, tablets and servers to attack.
The two vulnerabilities in modern chip design could allow attackers to bypass system protections to read sensitive information, such as passwords, from memory.
All Intel processors are vulnerable by default, with patches being released for PC operating systems and firmware by Microsoft and other major tech vendors to reduce the risk.
However, while most PCs and servers are potentially vulnerable, not all computers are open to these attacks. Computers with AMD processors are only affected by Spectre, which is significantly more difficult to exploit than Meltdown. And while only a small number of Arm-based processors are affected by Spectre, the affected chips are widely used in smartphones and tablets, including all Apple iPad and iPhones.
Here’s the most recent information on which Android, iOS and Raspberry Pi devices are vulnerable and which have been patched to reduce, but not eliminate, the risk. In general terms, more expensive and more modern devices are more likely to be affected by Spectre.
Where patches are available, most will be applied automatically, but for more information on how to apply them manually see this CNET guide.
Which Android devices are affected?
Samsung Galaxy S8 devices with Qualcomm Snapdragon processors appear to be vulnerable to Spectre-related attacks, as do Samsung Galaxy S6 devices, but it is unclear whether S8 phones with the Exynos 8-series processor or the Galaxy S7 family of devices are at risk.
A spokeswoman for Samsung said “for Samsung’s Android based mobile devices with the latest security update, the exploit is effectively mitigated”. Samsung released a security update earlier this month for a range of devices, including Samsung S6, S7 and S8 handsets.
Recent Google Nexus phones, such as the 5X and 6P are seemingly vulnerable to Spectre attacks, as are Google Pixel devices, such as the Pixel 1 and Pixel 2, however Google rolled out a patch on January 5th to help mitigate potential attacks.
The Huawei Huawei Mate 8 and 9, P10 and Mate 10 Pro, appear to be at risk from Spectre-related attacks.
However Huawei devices such as the Huawei P8 and P10 Lite, don’t appear to be at risk, due to being based on an older Arm-based chipset.
A spokeswoman for Huawei said: “Whilst all Huawei devices are considered safe, we will nevertheless be distributing firmware updates, including Google’s latest CVE-2017-13218 patch, to ensure maximum device security.
“As standard practice, consumers will receive Huawei’s push notification about firmware updates directly on their devices and we encourage all users to continue to update their devices regularly.”
Which iPhones and iPads are affected?
Apple has said that all versions of the iPhone and iPad are affected by the Spectre flaw.
While there are no known exploits for Spectre on iOS devices, Apple recommends users avoid malicious apps by only downloading software from trusted sources such as the App Store.
SEE: Incident response policy (Tech Pro Research)
To reduce the risk of attacks exploiting Spectre, Apple has released an update for Safari for iOS.
Apple also indicates that iPhones and iPads are vulnerable to Meltdown but says that the latest iOS update, 11.2, mitigates against the risk of Meltdown-related exploits, and shouldn’t degrade device performance.
Which Macs are affected?
All Macs are affected by Spectre, and Apple again recommends users protect against exploits by only downloading software from trusted sources.
Apple plans to further reduce the risk of attacks exploiting Spectre by releasing an update for Safari for macOS in the coming days.
macOS devices are also vulnerable to Meltdown, however Apple says that the latest update, 10.13.2, mitigates against the risk of related exploits, and shouldn’t degrade device performance.
Which Raspberry Pi devices are affected?
Seemingly none. Neither the Raspberry Pi 1, 2 or 3 are affected by Meltdown or rely on one of the newer Arm-based processors affected by the Spectre flaw.