Still, inexpensive battery replacement is the right thing for Apple to do. A good reputation is its best selling point in an era where smartphone features are reaching parity. Battery life is most people’s No. 1 complaint about their phones, and maintenance is a long-overdue part to smartphone ownership. When Apple makes repairing phones as easy buying new ones, it saves us money and it’s better for the environment.
The United States Computer Emergency Readiness Team and others initially believed that the only way to protect against Meltdown and Spectre would be total hardware replacement. The vulnerabilities impact fundamental aspects of how mainstream processors manage and silo data, and replacing them with chips that correct these flaws still may be the best bet for high-security environments. In general, though, replacing basically every processor ever simply isn't going to happen. CERT now recommends "apply updates" as the solution for Meltdown and Spectre.
As for those patches, well, some are here. Some are en route. And others may be a long time coming.
In this blog post I’ll speculate as to how we ended up with multiple researchers arriving at the same vulnerabilities in modern CPU’s concurrently. The conclusion is that the bug was ripe because of a years long build up of knowledge about CPU security, carried out by many research groups. I’ll also detail the rough story behind the research that let me to the bug. My story is probably different than that of the other researchers, but while unique I relatively sure that it’s the same for all researchers on most security issues: Security research is a long haul thing. This remainder of this blog post is semi technical.
Software is the weak link right now on the iPad and iPhone and Apple should be doing everything it can to encourage the development of professional level apps.