Apple (AAPL) - Get Report , Alphabet's (GOOGL) - Get Report Google and Microsoft (MSFT) - Get Report are racing to patch up vulnerabilities created by a security flaw in the chips that power almost all of today's computers anddevices.
The new security gap affects chips from Intel (INTC) - Get Report , ARM Holdings and Advanced Micro Devices (AMD) - Get Report to varying degrees. The vulnerability arises from "speculative execution," a technique that CPUs used to improve performance, and can allow hackers to tap sensitive information stored an operating system.
"These issues apply to all modern processors and affect nearly all computing devices and operating systems," Apple said in a blog post. "All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time."
The good news is that hackers would generally have to place malware on a computer or device to exploit the weakness. As a result, Apple suggests only downloading software from its App Store, and upgrading to the latest operating system software, which contain fixes.
Apple outlined its response to two potential attacks, dubbed Meltdown and Spectre.
Meltdown allows a hacker to read data from an OS's kernel, which could include passwords or other sensitive data. "Our analysis suggests that it has the most potential to be exploited," Apple said.
Apple has already released fixes in iOS 11.2 for iPhones, macOS 10.13.2 for Mac Computers and Apple TV's tvOS 11.2 to help defend against Meltdown. Apple Watch is not vulnerable to Meltdown, the company said.
Spectre refers to two similar potential exploits that are more difficult to take advantage of, but are also more challenging to prevent. "These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call," Apple said.
Meanwhile, Google wrote in a blog post on Wednesday that Android devices, including Nexus devices and Pixel phones, are safe as long as they have the latest security updates. G Suite apps (such as Gmail, Calendar and Drive), Google Home and Chromecast are protected.
Google said that people who use Google Chrome browsers or own a Chromebook with the Google Chrome OS should enable the site isolation security feature. A Chrome browser update to be issued on Jan. 23 will include protections. The Chromebook OS received a patch for some vulnerabilities on Dec. 15, but devices with older versions of the operating system may not have received the update. Google provides a dizzying list of devices with a patch for Meltdown.
For its part, Microsoft released a Windows update that addresses security for kernels and other issues, but said it does not know about any attacks. The company's support web site says to update antivirus software and install firmware updates from device manufacturers.
"Microsoft has been working closely with chip manufacturers to develop and test mitigations to protect our customers," a Microsoft spokesperson said. "We're in the process of deploying mitigations to cloud services and released security updates on January 3 to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD."
More of What's Trending on TheStreet: