Not a good start to the New Year for Apple

Apple has just issued a second customer warning for owners of its iPhones, iPads and MAC products that they are affected by a processor flaw that could leave them vulnerable to hackers.

The US tech giant urged its millions of customers to only download software from trusted sources after the security vulnerabilities, known as Meltdown and Spectre, were revealed on Wednesday.

According to the Press Association (PA News), there’s no evidence that the security flaws that affect computer processors built by Intel and ARM – have so far been exploited by hackers, although companies including Microsoft have been working to provide urgent fixes.

Apple says it had released software updates for iOS, the software on its phones and tablets, macOS, which is used by its computers and tvOS for its television products.

“Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre,” it added.

“These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.

“Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.”

The Silicon Valley tech giant said customers of its Apple Watch won’t be affected by Meltdown and it plans to release and update for its web browser, Safari, in the coming days to help defend against Spectre.

According to news reports, the security flaws were discovered by researchers at Google and academic institutions last year, although they were kept secret.

A spokesman for the UK National Cyber Security Centre told Sky News today “We are aware of reports about a potential flaw affecting some computer processors.”

This latest announcement by Apple follows its previous admission in November 2017 of a MacOS security flaw that affected all Apple products globally.

In its previous statement, Apple expressed “regret” that this error had occurred and issued a public apology, adding “our customers deserve better.”

Apple’s share price took a tumble by 2.6% at the end of November 2017 as a result and could drop further on the back of this latest announcement.

Under the stricter data protection, privacy and security standards enforceable across the EU under the General Data Protection Regulation (GDPR) from 25 May 2018, Apple could find itself facing significant sanctions and fines (up to 4% of its global turnover) for failing to comply with a basic principle of data protection – Data Protection by Design and by Default (Art.25, GDPR).

In simple terms, what this means is that if Apple ships products and services that don’t have data protection ‘baked’ into them, this will be an infringement of Art.25, GDPR and could also open the floodgates for compensation claims from customers whose personal data has been hacked and then used for other cyber crime activities that result in harm or damage to them.

Apple needs to think very carefully not just about the financial implications it faces but also the reputation damage this latest admission can cause in terms of its trust with customers around the world.

It must now carefully consider what steps it must now take as a matter of urgency to mitigate the risk of any potential harm and damage occurring as a result of customers using its products given these new data protection, privacy and security vulnerabilities.

For information about the GDPR Transition Programme at Henley Business School, click here.



Leave a reply